I think I have something really bad on my computer


Post by rachelle01 on 18th February 2010, 3:45 pm

My son was on the computer and he swears he did not do anything, but now I cannot do anything. I have thousands of pages coming up with nothing but porn. I cannot download or uninstall anything. Every time I try I get this message: "application cannot be executed. The file wuauclt.exe is infected"

Any help you could give me would be very much appreciated. I did already try to download both Hijack This and Malwarebytes and it won't let me do either.


Re: I think I have something really bad on my computer

Post by Belahzur on 18th February 2010, 7:41 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: I think I have something really bad on my computer

Post by abfabb on 18th February 2010, 7:47 pm

Sounds like the same thing I picked up this morning.

I went to this link - on this site - and it totally solved my problem.

[You must be registered and logged in to see this link.]

My computer was so messed up that I had to find another one to get on the internet to actually be able to see what had to be done to fix it. Presume you have access to another computer as you posted here.

Good luck. It totally solved my problem so far.


Re: I think I have something really bad on my computer

Post by rachelle01 on 19th February 2010, 2:25 pm

I had to go into safe mode to get this to work but here it is. Thanks for your help!

OTL logfile created on: 2/19/2010 8:21:42 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\clint\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 20.86 Gb Free Space | 9.36% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.72 Gb Free Space | 47.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.04 Gb Total Space | 110.28 Gb Free Space | 73.99% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CLINT-PC
Current User Name: clint
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/19 08:21:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\clint\Desktop\OTL.exe
PRC - [2009/04/11 00:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 00:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/01/19 01:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe


========== Modules (SafeList) ==========

MOD - [2010/02/19 08:21:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\clint\Desktop\OTL.exe
MOD - [2009/04/11 00:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (EzEITService)
SRV - File not found [Auto | Stopped] -- -- (EITUACService)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/12/01 15:46:23 | 000,030,192 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/04/12 04:57:17 | 000,000,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/11/20 13:18:52 | 000,136,120 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/21 11:50:02 | 000,077,312 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2008/09/17 23:55:00 | 000,196,608 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/07/18 13:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 13:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/05/31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/23 10:43:54 | 000,310,008 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/04/23 10:43:54 | 000,166,648 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/04/23 10:43:46 | 001,010,424 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/04/22 19:29:34 | 000,088,824 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/04/22 19:29:32 | 000,359,160 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/11/07 11:27:02 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/02 06:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/09/29 10:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/09/14 12:54:34 | 000,073,728 | ---- | M] (MicroVision Development, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/08/04 18:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/12/28 21:40:03 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov550i.sys -- (APL531)
DRV - [2009/11/24 17:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 17:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 17:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 17:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 17:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/04/10 22:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2009/04/10 22:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/04/07 15:33:08 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/04/07 15:33:08 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/11/20 13:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/09/17 23:55:00 | 007,379,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/20 18:33:50 | 000,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2008/01/19 00:14:10 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV - [2008/01/18 23:57:15 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/01/18 22:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/12/04 17:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/07/13 05:48:10 | 000,441,088 | ---- | M] (Conexant, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\av88base.sys -- (AV88BASE)
DRV - [2007/06/13 20:23:56 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/06/13 20:23:56 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/06/13 20:23:56 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/04/03 12:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 12:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 12:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 12:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 12:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 12:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 12:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007/03/20 06:21:18 | 000,046,848 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mr7910.sys -- (mr7910)
DRV - [2007/02/09 12:32:30 | 001,476,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/02/07 23:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/01/18 09:24:58 | 000,026,496 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:27:21 | 000,392,320 | ---- | M] (Lumanate, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AngelUsb.sys -- (AngelUsb)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 01:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2006/11/02 01:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 00:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/05 14:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/29 13:59:58 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/08/17 13:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/04 18:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudio)
DRV - [2006/06/19 15:26:50 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\System32\mdmxsdk.dll -- (mdmxsdk)
DRV - [2006/03/22 18:57:44 | 000,073,984 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rockusb.sys -- (rockusb)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2003/11/06 12:04:24 | 000,068,320 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Tpkd.sys -- (TPkd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070614"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20081111


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 12:23:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/09 12:23:45 | 000,000,000 | ---D | M]

[2008/09/13 19:57:36 | 000,000,000 | ---D | M] -- C:\Users\clint\AppData\Roaming\Mozilla\Extensions
[2010/02/19 08:13:56 | 000,000,000 | ---D | M] -- C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\extensions
[2008/12/17 21:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2008/04/11 20:42:40 | 000,000,000 | ---D | M] (Tab Effect) -- C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\extensions\{0784CD66-62FE-4cef-ABF4-F8ED9B654ACC}
[2008/12/18 15:22:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/17 21:11:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/04/23 17:21:08 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2008/07/02 19:42:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/05/08 07:21:48 | 000,001,074 | ---- | M] () -- C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\searchplugins\wikipedia-en.xml
[2009/12/22 21:28:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/13 19:57:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
[2008/09/13 19:57:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (BitComet)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [mqjwafft] C:\Users\clint\AppData\Local\qqbsun\marjsftav.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (BitComet)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: hp.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: hp.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} [You must be registered and logged in to see this link.] (PCPitstop AntiVirus)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} [You must be registered and logged in to see this link.] (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.85.229.110 76.85.229.111
O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\IT Works\Ez Internet Timer\EzInternetTimer.exe) - C:\Program Files\IT Works\Ez Internet Timer\EzInternetTimer.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0a8fce50-1f3b-11dc-8d2b-0019d17291cf}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/19 08:21:09 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\clint\Desktop\OTL.exe
[2010/02/17 12:37:37 | 000,000,000 | ---D | C] -- C:\Users\clint\AppData\Local\qqbsun
[2010/02/12 22:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2010/02/12 22:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2010/02/12 22:31:28 | 000,076,184 | ---- | C] (WebEx Communications, Inc.) -- C:\Windows\System32\atsckernel.exe
[2010/02/12 22:31:26 | 000,020,376 | ---- | C] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
[2010/02/12 22:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\webex
[2010/02/12 22:30:07 | 000,024,880 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\pnarp.sys
[2010/02/12 22:29:39 | 000,026,416 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\purendis.sys
[2010/02/12 22:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2010/02/12 22:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2010/02/10 05:07:02 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 05:07:02 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 05:04:56 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 05:04:56 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 05:04:56 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 05:04:56 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/01/31 23:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/01/22 05:44:02 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/22 05:44:02 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/22 05:44:02 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/01/22 05:44:01 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

========== Files - Modified Within 30 Days ==========

[2010/02/19 08:21:09 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\clint\Desktop\OTL.exe
[2010/02/19 08:18:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/19 08:14:36 | 004,194,304 | -HS- | M] () -- C:\Users\clint\ntuser.dat
[2010/02/19 08:14:36 | 000,524,288 | -HS- | M] () -- C:\Users\clint\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/19 08:14:36 | 000,065,536 | -HS- | M] () -- C:\Users\clint\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/02/19 08:08:07 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/19 08:08:06 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/19 08:08:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/02/19 08:08:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/19 08:04:59 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE42D0E9-340B-489E-850C-B41A178C06F8}.job
[2010/02/18 16:37:34 | 000,000,558 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for clint.job
[2010/02/16 12:54:39 | 000,000,032 | ---- | M] () -- C:\Users\clint\AppData\Local\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list
[2010/02/15 08:04:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/02/13 07:07:32 | 000,377,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/13 01:30:22 | 000,021,504 | ---- | M] () -- C:\Users\clint\Documents\Oh.doc
[2010/02/12 22:30:56 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
[2010/02/01 16:03:35 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2010/01/27 11:54:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2010/02/13 01:30:21 | 000,021,504 | ---- | C] () -- C:\Users\clint\Documents\Oh.doc
[2010/02/12 22:30:55 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/01/27 11:54:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/12/31 05:25:51 | 000,000,093 | ---- | C] () -- C:\Users\clint\AppData\Local\fusioncache.dat
[2009/09/25 08:09:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/08 19:15:45 | 000,000,176 | ---- | C] () -- C:\Users\clint\AppData\Roaming\burnaware.ini
[2009/03/01 17:31:32 | 002,392,064 | ---- | C] () -- C:\Windows\System32\videotrans.dll
[2009/03/01 17:31:32 | 000,215,040 | ---- | C] () -- C:\Windows\System32\videoformat.dll
[2009/03/01 17:31:31 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
[2009/03/01 17:31:31 | 000,022,016 | ---- | C] () -- C:\Windows\System32\img_utils.dll
[2009/03/01 17:31:31 | 000,017,920 | ---- | C] () -- C:\Windows\System32\videocore.dll
[2009/03/01 17:31:28 | 000,128,512 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2009/03/01 17:24:43 | 000,000,067 | ---- | C] () -- C:\Windows\Easy Video to DVD.INI
[2009/01/24 05:53:13 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/01/19 21:16:50 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dmdskres32.dll
[2009/01/19 21:16:41 | 000,135,168 | ---- | C] () -- C:\Windows\System32\deskperf32.dll
[2009/01/19 21:15:00 | 000,135,168 | ---- | C] () -- C:\Windows\System32\borlndmm32.dll
[2008/12/19 12:42:04 | 000,000,049 | ---- | C] () -- C:\Windows\qtw.ini
[2008/12/18 18:04:40 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008/08/02 09:29:05 | 000,000,038 | ---- | C] () -- C:\Windows\KA.INI
[2008/07/03 06:46:56 | 008,899,439 | ---- | C] () -- C:\Program Files\robinson.doc
[2008/07/03 06:46:56 | 002,558,976 | ---- | C] () -- C:\Program Files\robinson.exe
[2008/07/03 06:46:56 | 001,943,040 | ---- | C] () -- C:\Program Files\rcfiles.exe
[2008/07/03 06:46:56 | 000,015,052 | ---- | C] () -- C:\Program Files\GETTIN~1.DOC
[2008/07/03 06:46:56 | 000,000,164 | ---- | C] () -- C:\Program Files\Support.url
[2008/06/19 23:00:56 | 000,181,248 | ---- | C] () -- C:\Windows\System32\HPEPCEnm.dll
[2008/04/17 10:33:50 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2008/04/13 17:14:49 | 000,000,053 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/04/13 17:14:42 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2008/04/05 07:38:47 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\17013DBA86.dll
[2008/03/25 12:18:50 | 000,023,745 | ---- | C] () -- C:\Program Files\robinson.ini
[2008/02/05 14:58:42 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/16 11:58:42 | 000,000,161 | ---- | C] () -- C:\Program Files\PrintLog.txt
[2008/01/10 09:15:03 | 000,054,926 | ---- | C] () -- C:\Users\clint\AppData\Roaming\NMM-MetaData.db
[2007/12/05 05:56:20 | 000,008,944 | ---- | C] () -- C:\Users\clint\AppData\Local\d3d9caps.dat
[2007/10/02 19:24:19 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2007/10/02 19:24:18 | 000,000,048 | ---- | C] () -- C:\Windows\KPCMS.INI
[2007/10/02 17:57:55 | 000,000,032 | ---- | C] () -- C:\Users\clint\AppData\Local\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list
[2007/10/01 18:34:22 | 000,000,063 | -H-- | C] () -- C:\ProgramData\Ts_infos.ini
[2007/08/11 14:30:01 | 000,139,264 | ---- | C] () -- C:\Windows\System32\RmCard.dll
[2007/08/11 14:30:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\Hookdll.dll
[2007/08/11 14:30:00 | 000,167,936 | ---- | C] () -- C:\Windows\System32\GTTunerCard.dll
[2007/07/28 10:22:21 | 000,003,020 | ---- | C] () -- C:\Users\clint\AppData\Roaming\wklnhst.dat
[2007/06/27 18:19:21 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2007/06/18 00:04:12 | 000,217,088 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/06/18 00:04:11 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/06/16 17:55:33 | 000,189,440 | ---- | C] () -- C:\Users\clint\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/13 20:25:12 | 000,467,264 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/06/13 20:25:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/06/13 20:25:12 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/06/13 20:25:12 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/06/13 20:25:12 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2007/03/27 09:45:22 | 000,004,096 | ---- | C] () -- C:\Windows\System32\sysres.dll
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2006/11/07 13:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMV_DecDLL.dll
[2005/12/26 15:09:30 | 000,006,966 | ---- | C] () -- C:\Program Files\robinson.bmp
[2005/09/17 08:48:24 | 000,009,270 | ---- | C] () -- C:\Program Files\icon.bmp
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\System32\drivers\ADFUUD.SYS
[2004/01/15 16:43:00 | 000,001,497 | ---- | C] () -- C:\Program Files\fcvp_s.dat
[2004/01/15 16:43:00 | 000,001,319 | ---- | C] () -- C:\Program Files\fcvp_w.dat
[2002/12/23 10:41:24 | 000,014,946 | ---- | C] () -- C:\Program Files\math.dat
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998/10/10 23:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll
[1998/01/12 02:00:00 | 000,040,448 | ---- | C] () -- C:\Windows\System32\REGOBJ.DLL
[1997/01/11 19:35:28 | 000,005,468 | ---- | C] () -- C:\Program Files\phonics.dat
[1997/01/11 19:35:28 | 000,002,396 | ---- | C] () -- C:\Program Files\vdrill.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\clint\Documents\Pat Benatar - Shadows Of The Night.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\clint\Desktop\Pat Benatar - Shadows Of The Night.mp3:Roxio EMC Stream
@Alternate Data Stream - 64 bytes -> C:\Users\clint\Desktop\Abbott and Costello in Little Giant DVDRip Occor avi.avi:TOC.WMV
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:8C81B36D
< End of report >


Re: I think I have something really bad on my computer

Post by rachelle01 on 19th February 2010, 2:26 pm

OTL Extras logfile created on: 2/19/2010 8:21:42 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\clint\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 20.86 Gb Free Space | 9.36% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.72 Gb Free Space | 47.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.04 Gb Total Space | 110.28 Gb Free Space | 73.99% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CLINT-PC
Current User Name: clint
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Windows\System32\Cscript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\Cscript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\Cscript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\Cscript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\Cscript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\Cscript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\Cscript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\Cscript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\Cscript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\Cscript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C796ED-9F9A-41F3-BFC7-0FBBACC3DE1D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{04EDED95-5E59-4B3F-9B0F-98BAB69D1CAE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0588A8DA-B095-4838-BE37-CB3A42C1442B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A296635-4A60-4BC6-B04C-F27129DBEB2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0FDC5392-8CA5-4E5B-A1F6-F545C73B79C2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{10CDB429-C862-43FF-BAC6-F85D615DC681}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{11A1543A-709D-4D26-97D6-B72EDE43E985}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{14F78BF1-CC1A-4307-8833-8F8278BF0876}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{19843FBF-E8B0-4EF9-8FA5-4BBBFF723D00}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23046448-F8BB-42C5-A911-2EF352AD6EFE}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{29628781-C584-4F2C-87F7-D42DC48EEFEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{302808B7-2C1C-405E-ABEF-2DE91B762210}" = lport=3390 | protocol=6 | dir=in | app=system |
"{365FA2E9-A0D6-4B63-BCFC-6EB95B873D44}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{37F759B5-AC9F-4B6E-BD92-98EC635E6830}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{39D860BE-9D6B-4533-9165-6E0778559140}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3B8F52B5-BE98-4C97-B4B3-9246EE3E3CBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{40D9DEC8-2BA0-4F76-8730-CD79DFFC11CF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{447DD6C3-BDB5-46B8-A533-6701EF4B2016}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{4D74E74F-27D5-447C-ACAB-E33249462CBA}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{536DF357-0419-49FA-96EB-7C4D25F09F47}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{571EA1CE-69AD-43D0-AA8D-46AC59A54E17}" = rport=5358 | protocol=6 | dir=out | app=system |
"{5A2D32A6-E760-45ED-923F-5A499ABD5FD6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5BEBD13F-B233-4400-8045-80CFC337F881}" = rport=10244 | protocol=6 | dir=out | app=system |
"{5E2CFF07-319C-49C1-9AC8-E6411FD6ED91}" = rport=5357 | protocol=6 | dir=out | app=system |
"{62B4F423-1533-4BE3-9BB2-A90CED796295}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{6B5FC07E-AABB-4715-ADC6-24C109421877}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6DDFAF12-06DD-4B3D-A0BD-BB174A32F3DB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{766CA016-E139-45D6-93EA-12805EE2A5AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{79D7A2F9-31AF-4CE0-B6D2-7EBF34A2F948}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C1AAF5E-CF76-4C8F-9139-F7E33CF2DA60}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7F7BD60A-912B-4ACC-B247-D9F1DF172C5D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8462155F-0244-4970-9097-4904602A1098}" = lport=2869 | protocol=6 | dir=in | app=system |
"{86F66046-2ECF-47D1-BBD4-2704263B6CF6}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{87C27124-815D-4641-A1FE-0B19E50918A6}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9178D294-F606-457A-96A7-E783C51D10A2}" = lport=5358 | protocol=6 | dir=in | app=system |
"{93E9B11D-6860-4FAB-A2B4-621961A1A5EC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95B01932-2D94-4FB9-9A71-946B557CEBD0}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{96784559-294A-4527-8781-E39CF1986EB9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9695B9FA-6D88-4415-B4A1-F9F79F336DCF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A926BF0-0553-4E1B-905E-9587B8E82EF4}" = lport=10244 | protocol=6 | dir=in | app=system |
"{9C20F047-D4D2-4B9C-830B-8F9FC80B52AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A09EB573-E65E-47BA-87D1-090936B98A6A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B22359FF-5055-4826-B5B4-8B05C1C49D56}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B80053E5-80B9-438A-9F53-25ED02B313C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C66D7BEB-543B-4A1A-8510-D5B86449C5D4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C749A60A-E3B7-41D0-AC1A-9EBBFE36E3DC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C9C6923D-6D5E-437F-884D-8F84898DCC74}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CA8AB113-0E9B-4A1B-AE3B-4CDFCD982BB8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{CDEDF153-8232-4272-93B8-D67A5811F229}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D186BAC8-4993-4B38-AD4B-FC6DC1A08E11}" = lport=5357 | protocol=6 | dir=in | app=system |
"{D563D28F-A1B5-4FF3-9A5D-03D936BBDF01}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{D5763628-9A9B-4A6F-AD35-A3152B9C8CC1}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{D9807B27-8379-42E1-A9BB-1D938DB8273F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D9E857B4-5B21-4F93-A12E-C260FD255AD4}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{DC378325-7778-4D14-9F14-7A79916405E2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DC3B12FF-0750-4990-8FCE-8F3090839F07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DFEC5748-5F45-4A3B-8C3E-F29A67963A44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E06BA797-CC8C-4BC1-91AE-29D453664274}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E110C5C7-9E08-40B1-BA86-7137DB8797E0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E148CC61-2D6C-4D1B-B9E9-C069226975AC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{E362CB5E-DB22-4DB5-AE1D-1E77713122A4}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{F243A491-B2FD-487E-BAEE-DDFBF5181D56}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{FDA0CFEF-49EA-4445-8056-2043F56E465D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A179ED-A9B4-4F87-89A2-AF0793F9E182}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{037FCB3C-2A11-4033-BF5F-5460AE31EA57}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{08785849-F8AE-41D0-A7F4-F573AD2A474D}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast4\ashavast.exe |
"{09FA137B-6250-49AB-9CA1-91CCCF4CF0A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0A94779F-5FE7-4560-91DA-DF96C1A12551}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{10717681-DC25-41FD-80E7-EAA8D8EC2FEC}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast4\ashavast.exe |
"{115156EE-3F2E-408A-A6FE-8887C94D2DED}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe |
"{11E629A5-842F-4FC0-82C6-38AF09D8177F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{132ADC95-7051-45FF-B92F-D2F039FAC716}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{214C84C3-1E62-4A9E-A0A5-037E7B45599D}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{217E369E-7DB4-4BF3-945D-DAB8974A9D11}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{2221D739-B625-47D7-80FA-CF7D6CADDBAA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2306B806-BCA9-4933-AE26-2CAB199D95CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{24397013-6B20-40A6-922F-2F50114A95BE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2442A7D9-BA97-42E8-B3AC-154FA37D69E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2FD412A1-322E-4004-A253-1776B6566457}" = protocol=6 | dir=out | app=system |
"{31B57AAE-D2CC-4C06-BD2B-F622708AECEA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{34DA49C6-92CA-4943-ABB8-852B913257BB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3913AECC-2044-4760-88E3-4BE99D23B3BE}" = protocol=6 | dir=out | app=system |
"{3B9E89AE-2703-4ABD-A343-51373C721147}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{3D39244D-A723-4AEA-921E-16BD76E2A4B9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{40E00094-1C3E-4F87-929E-41F344C6F7B3}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{411466A7-FF3A-4AE2-8399-E97FEBB4815C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4294F648-E878-4068-87AD-3B277562C88D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{498CEC5E-B22E-4065-8E96-37CEF898FFD0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4FD0A1F9-AE1F-4CEA-BA76-AD0440A34F50}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{55F768FD-BA01-40BF-99CF-BD7E77BBE6FC}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{5DF5B3A8-B91B-4E3B-8968-CB983D402F03}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{5EC17DA7-7DCE-4FBC-8E3F-644824D03A25}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5FAC16DA-131F-4C04-B569-CE7D57C345BA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5FF4FBB4-33CB-4FAD-8C16-92399772D46F}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{60A9F63D-566D-4A60-ABEE-8122661AB5DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6DC2D880-3D39-4E54-A873-258FDA6B1A14}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6E63C071-3099-4F48-81D8-EF35B39083D3}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{735FD119-3591-4F9F-9D9E-7D43E67A7959}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75384940-7E55-4DC1-AF71-DE08D2515A61}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{7568CA11-9E35-4960-82AE-9ED8C7E6F9F7}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{76843041-5F0E-4496-B727-3A2B99B9BE92}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia\totalmedia.exe |
"{78E09BBA-5188-4410-B2A5-A4C3D77A9D16}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\pmsregisterfile.exe |
"{7C4D547D-EDD6-423E-A558-76E8E7FC5824}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{7FFEC8EE-2994-4412-B43A-142EAFAD6E69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8092C706-23A8-4BAA-BE4A-73B0AF3599D0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{81A110AD-76F3-4C2E-BDEF-B6E6ED9DD1CE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{82FD45ED-0C17-457D-BC0F-169B0117DF82}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{86BE1862-AEC9-4411-A874-FC61F850DC08}" = protocol=6 | dir=out | app=system |
"{8E72E440-F63F-452C-994B-94E2DA170701}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{930CA890-8809-4752-A521-2DA8839ECC30}" = protocol=17 | dir=in | app=c:\program files\essentials codec pack\update.exe |
"{943E4B9B-B789-4EDC-AB48-555EACAF9CA8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{944ECDDC-9D5D-4011-8B69-C1E419B3FAFA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{98B08F76-8A5F-4787-A43D-D8D2CF774BFD}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe |
"{9A39C259-7DD7-4AA3-B6C8-59FBBB0CFA4C}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{9BD6B9A6-3614-43D1-B40A-E4338595D517}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{9D5C82C3-66F9-4017-B575-9F17CD3792CD}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{A0A13DD7-6502-449A-A862-0CBE0356D172}" = protocol=17 | dir=in | app=c:\program files\mediamall\mediamallserver.exe |
"{A4D5333E-18A9-401F-928D-7CF0A5097280}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{AA518094-FB3F-4A14-B327-F18DE6EF168F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AC06216A-7E0A-4271-9E03-FEFA75FA5A84}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B05E7D75-8C6E-409B-9B10-8413EA5C6B0C}" = protocol=6 | dir=out | app=system |
"{B3E99EF0-1B51-4150-98F4-F498AAEABFAB}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{B50F3121-FE02-4661-8C01-760B2881B0CB}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{B5DB4200-DA16-4D85-8698-9862D1973EEE}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{B76163B1-4717-47AD-A629-7C83FD9879DC}" = protocol=6 | dir=in | app=c:\program files\essentials codec pack\update.exe |
"{BEDC3246-BF92-4FCF-B5B6-7C5EB940FAFF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C38E03BD-9287-47DD-B20D-EC2D15E79462}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{CAB0E3B6-A287-4201-AD63-A954D1AF67BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CE621C4D-9284-42A1-9C86-41931F07D074}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF4E5BFE-550A-49A0-AE45-CB82F594F19D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D0990BB4-143E-453B-B1E7-D8D7C09DB4D1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{D2B41BC5-54B5-4E5F-AB0E-0DE39B39DC5B}" = protocol=6 | dir=in | app=c:\program files\mediamall\mediamallserver.exe |
"{D8374C83-A5E2-4360-95E4-7D25E5B0FD18}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{D972AC64-F015-4388-B53E-BDD573697978}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DB1928E7-5383-41C4-8FC0-6F2FEB8D4EC9}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia\totalmedia.exe |
"{DC9569FA-8D8F-45F7-B241-327AFD759BF7}" = protocol=17 | dir=in | app=c:\program files\adobe\photoshop elements 5.0\adobephotoshopelementsmediaserver.exe |
"{E07FD305-7F22-4854-B3D0-8BBEDF4F49CC}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{E0D2C688-C8BF-4C0B-B7B3-16283FEC0B75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E325EF83-C0E0-4EEC-9D9A-449045BC3E80}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\pmsregisterfile.exe |
"{E80D2A51-65A3-4005-B9FA-2EEA1B1F240E}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{E9A9D09B-1942-4E8A-9ED1-650CE4AFCC7B}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe |
"{F2AB08D0-7340-4D31-B583-F163760CACC5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F92A3E09-2FAE-4A91-BAFF-03BE11048B79}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F9DEFC57-ADBB-4B0F-A3E9-D620FD9F6938}" = protocol=6 | dir=in | app=c:\program files\adobe\photoshop elements 5.0\adobephotoshopelementsmediaserver.exe |
"{FA3DF2A6-A3FD-4437-B8DB-717E9058F0A9}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{FE67A3C3-44EB-482C-B5E7-8776A53139E7}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe |
"{FF7F5C7A-9BD3-4AB4-B4DE-5DFE67ACFA64}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{FFB69F1B-7F8B-4E30-9F9A-97F0757DF028}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{2B7D5650-C4D2-42BC-9530-A9C34630B576}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{32362BE2-5C3A-4E79-BE0B-2D37BC051B59}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{3AE0C480-B19F-4E94-A499-11EC6A008B41}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5D6D1D43-1053-4806-8AFE-70BB413435B8}C:\program files\google\google desktop search\googledesktop.exe" = protocol=6 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"TCP Query User{68403707-C478-450C-A840-812693E067C0}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{854E2B84-2F25-4CCE-ACC1-783078906568}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8CE0F83C-1DF0-4E8A-8F77-99A82612CD0A}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe |
"TCP Query User{9C4A6388-5834-4D41-A2A2-A2E3519700C3}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{D149AB0E-080E-4B73-BD19-110915F76280}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{D4AF6E9A-834D-4C29-8835-E5DDE7750439}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=6 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe |
"UDP Query User{2D9D9F98-3C79-4B81-8F28-9B7AF328CBEB}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{57581DF8-02DB-4EA4-B0F0-538D290D62F2}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe |
"UDP Query User{7944E8D1-186B-400C-9897-1750AAC0AA45}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{94DB9E8D-0973-4583-A959-0E660437DE55}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{A0DE64E4-53E1-43D4-BC0E-9869AE464B5D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A75DA069-FCDA-4EDB-BFB9-105DE4012833}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{B7AACF3D-9627-4C46-AE87-90AC54D45342}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C675454F-7310-46B5-BAC7-6A3CFEF4FDF7}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=17 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe |
"UDP Query User{C9E49C07-C53E-4EBA-88C7-996D159BA627}C:\program files\google\google desktop search\googledesktop.exe" = protocol=17 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"UDP Query User{F7123A5E-8642-48B2-9DDF-7CF58552976B}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{020CF65F-700F-4E55-AFB7-97024584A2B3}" = Events Communication Components
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{09D5D2C6-5B0E-4899-A287-4DA97F78ABCE}" = Torrent Episode Downloader
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1AD473D7-7A47-5AEC-B45D-9B87414E7175}" = Digital Video Converter v1.2.0.16
"{1EAE1407-9CD7-4E5E-8BA4-0826D9E6001C}" = Math Resource Studio
"{21DDC579-834B-4C14-8122-853994FA2214}" = NikonCapture
"{23EC57FD-ABB3-4120-ABD4-064EFE9D7715}" = Brain Power
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2877881B-0736-42AB-B312-D4457D57E56D}" = BlackBerry Device Software Updater
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3A791D1D-ED8F-4E52-878F-92559EE406C7}" = Vocabulary Worksheet Factory 4
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{41915A51-6F92-4F0E-87C4-8178785B96CC}" = HP Printer Settings Tools
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{49782B2F-49AE-423D-85D6-4EE7019CEA13}" = HP Easy Printer Care
"{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}" = Pinnacle VideoSpin
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{60CB9E70-7F26-47A3-B6FB-9A2A520C11F3}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8310 smartphone
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}" = Photo Viewer
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{6BBBF237-A114-48E6-BBD0-A52BEF9CCFB2}" = Cisco Network Magic
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.18
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1E98303-102A-46FB-A2D0-3838C3F64DF2}" = Core Communication Components
"{A21E4E43-9238-4C5F-8CD0-2D1C091A760A}" = QuickVerse 2008
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AC2716A6-9985-43D2-AD36-DA6F1FF1F386}" = TM Control
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C0A8F64F-36C8-489F-B813-90D60B541D1E}" = Device Data Communication Components
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4ADD3F1-17A2-4EF3-9D04-E563E046632A}" = ArcSoft TotalMedia
"{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Operating System Communication Components
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"{ECB904FE-CB4D-40A4-A884-E278410F0CE1}" = HP Printer Usage Report
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5AA9882-1E01-4B63-A93C-B75112A6B095}" = PlayOn 2.59.3302
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F63A3F0E-BE83-43E4-A9A2-153E877A857C}" = McGraw-Hill's GED
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"24894EA20BE8E62AA4FC3DD3AA85785356B52BF5" = Windows Driver Package - Nokia Modem (08/08/2007 3.3)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"AVIConverter" = AVIConverter 3.0
"Azureus Vuze" = Azureus Vuze
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"BFGC" = Big Fish Games: Game Manager
"BFG-Sally's Spa" = Sally's Spa
"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"BlazePhoto 2.0_is1" = BlazePhoto 2.0
"BurnAware Free_is1" = BurnAware Free 2.3.1
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
"Cities of Earth 3D Screensaver_is1" = Cities of Earth 3D Screensaver v. 2.0
"Cool Timer_is1" = Cool Timer 3.6
"dtopdrms Screen Saver" = dtopdrms Screen Saver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Eyewitness Encyclopedia of Nature 2.0" = Eyewitness Encyclopedia of Nature 2.0
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"Free Videos To DVD_is1" = Free Videos To DVD V2.1
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Easy Printer Care" = HP Easy Printer Care
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InstallShield_{F63A3F0E-BE83-43E4-A9A2-153E877A857C}" = McGraw-Hill's GED
"LimeWire" = LimeWire 4.16.6
"Math 7 Teaching Textbook" = Math 7 Teaching Textbook
"Mavis Beacon Teaches Typing Deluxe 17" = Mavis Beacon Teaches Typing Deluxe 17
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Network MagicUninstall" = Network Magic
"Nokia PC Suite" = Nokia PC Suite
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"OVT Scanner" = Uninstall OVT Scanner
"PanoramaStudio" = PanoramaStudio 1.5 (uninstall)
"PC Pitstop Exterminate2_is1" = PC Pitstop Exterminate2 2.0
"PCFriendly" = PCFriendly
"PicaJet_is1" = PicaJet 2.5.0.488
"Picasa 3" = Picasa 3
"Quarter Mile Math Levels 1-3 IP" = Quarter Mile Math Levels 1-3 IP
"Robinson Curriculum" = Robinson Curriculum
"TagScanner_is1" = TagScanner 5.0 build 511
"USB MP3 Player WIN98 Drivers" = USB MP3 Player WIN98 Drivers
"Video to AVI MPEG MOV RM FLV iPod PSP 3GP Zune Converter_is1" = Video to AVI MPEG MOV RM FLV iPod PSP 3GP Zune Converter V2.1.2
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"Xilisoft DVD Creator" = Xilisoft DVD Creator
"Xvid_is1" = Xvid 1.1.2 final uninstall
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12/9/2009 4:39:41 AM | Computer Name = clint-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\cookies.sqlite-journal
failed, 00000005.

Error - 12/9/2009 11:29:21 PM | Computer Name = clint-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\cookies.sqlite
failed, 00000005.

Error - 12/11/2009 2:28:00 AM | Computer Name = clint-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\cookies.sqlite
failed, 00000005.

Error - 12/11/2009 6:59:07 PM | Computer Name = clint-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\cookies.sqlite-journal
failed, 00000005.

Error - 12/12/2009 1:57:49 AM | Computer Name = clint-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\cookies.sqlite
failed, 00000005.

Error - 12/15/2009 11:17:32 PM | Computer Name = clint-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\cookies.sqlite
failed, 00000005.

Error - 12/16/2009 10:53:29 AM | Computer Name = clint-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\cookies.sqlite
failed, 00000005.

Error - 12/16/2009 3:25:08 PM | Computer Name = clint-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\cookies.sqlite-journal
failed, 00000005.

Error - 12/17/2009 2:09:57 PM | Computer Name = clint-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\0su737fw.default\cookies.sqlite
failed, 00000005.

Error - 2/18/2010 8:48:54 PM | Computer Name = clint-PC | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Re: I think I have something really bad on my computer

Post by Belahzur on 19th February 2010, 8:47 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [mqjwafft] C:\Users\clint\AppData\Local\qqbsun\marjsftav.exe ()
    [2010/02/17 12:37:37 | 000,000,000 | ---D | C] -- C:\Users\clint\AppData\Local\qqbsun



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Back to top Go down
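The fix in the post above targets an HKCU Run value whose target sits under AppData and whose company field (the trailing `()`) is empty. As an added example (not part of the original posts and not OTL's own code), this Python sketch parses O4 lines in that layout and ranks them by those indicators; the indicator list and the two `Example…` log lines are assumptions constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Layout of an OTL "O4" autorun line, taken from the lines quoted in the thread:
#   O4 - <hive>..\<key>: [<value name>] <target path> (<company>)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$"
)
# Target followed by the company field; lazy so "Program Files (x86)" stays in the path.
TARGET_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")
NOT_FOUND = "File not found"
# Assumption: directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\application data\\", "\\local settings\\")

# First and last lines are quoted from the thread; the two "Example" lines are constructed.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files (x86)\Example\updater.exe (Example Corp.)
O4 - HKCU..\Run: [ExampleSync] C:\Users\clint\AppData\Local\ExampleSync\sync.exe (Example Corp.)
O4 - HKCU..\Run: [mqjwafft] C:\Users\clint\AppData\Local\qqbsun\marjsftav.exe ()
"""


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    path: Optional[str]      # None when the log gives no target at all
    company: Optional[str]   # "" means the field was present but empty
    missing: bool            # the log reported "File not found"


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one O4 line; return None for any other kind of log line."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    rest = m["rest"].strip()
    missing = rest.endswith(NOT_FOUND)
    if missing:
        rest = rest[: -len(NOT_FOUND)].strip()
    path, company = (rest or None), None
    t = TARGET_RE.match(rest)
    if t:
        path, company = (t["path"] or None), t["company"].strip()
    return Autorun(m["hive"], m["key"], m["name"], path, company, missing)


def indicators(entry: Autorun) -> List[str]:
    """Collect triage indicators; these prioritise review, they are not a verdict."""
    reasons = []
    if entry.missing:
        reasons.append("target file not found (orphaned entry)")
    if entry.path and any(d in entry.path.lower() for d in USER_WRITABLE):
        reasons.append("runs from a user-writable directory")
    if entry.company == "":
        reasons.append("no company name in the file's version info")
    return reasons


def triage(log_text: str) -> List[Tuple[Autorun, List[str]]]:
    """Return autoruns with at least one indicator, most indicators first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = indicators(entry)
        if reasons:
            findings.append((entry, reasons))
    findings.sort(key=lambda f: -len(f[1]))  # stable: log order kept within a rank
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] {entry.path}: {'; '.join(reasons)}")
```

A single indicator is weak on its own: the constructed ExampleSync entry also runs from AppData but carries a company name, so it ranks below the entry the fix removed.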

Re: I think I have something really bad on my computer

Post by rachelle01 on 19th February 2010, 9:12 pm

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mqjwafft deleted successfully.
C:\Users\clint\AppData\Local\qqbsun\marjsftav.exe moved successfully.
C:\Users\clint\AppData\Local\qqbsun folder moved successfully.

OTL by OldTimer - Version 3.1.30.1 log created on 02192010_151149


Re: I think I have something really bad on my computer

Post by Belahzur on 19th February 2010, 9:27 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Azureus Vuze
    Java(TM) SE Runtime Environment 6
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    LimeWire 4.16.6

  • Click on the Uninstall/Change button at the top.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
How is the machine running now?



Re: I think I have something really bad on my computer

Post by rachelle01 on 19th February 2010, 9:44 pm

Looks like it worked! Thanks so much for your help.

I got everything removed, my husband may just reinstall it but it is off for the time being.

Thanks again, I really do appreciate your help. My husband thought the computer was toast.


Re: I think I have something really bad on my computer

Post by Belahzur on 19th February 2010, 11:12 pm

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.



Re: I think I have something really bad on my computer

Post by rachelle01 on 20th February 2010, 5:38 am

Will do everything you recommended and fill out the form too. I can't thank you enough!
Have a great weekend!
