
HiJack This Log


  • This topic is locked
6 replies to this topic

#1 Elec-1


Posted 25 March 2011 - 08:43 PM

Within the past year, my computer has started to run very slow and at times it's so slow it's almost unusable. Also more often than not, the CPU usage spikes to 100 percent when nothing is open. And the often almost on high. I got a cheap laptop cooler which helps a little bit but I can still hear it working hard and the computer is still warm.

Anyway here's the system information.

Model: Dell XPS M1530
Processor: Intel Core 2 Duo T8100 @ 2.10 GHz
Memory (RAM): 4 GB
System Type: 32-bit Operating system

Oh, and I got it new back in December 2008.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:44:23 PM, on 3/25/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Users\JWillis\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Program Files\Common Files\Dell\apache\php.exe
C:\Windows\system32\cmd.exe
C:\Program Files\Common Files\Dell\apache\php.exe
C:\Windows\system32\cmd.exe
C:\Program Files\Common Files\Dell\apache\php.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101105203830.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\system32\Msdxm6.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4018005527-992730032-2583488031-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'RA Media Server')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell Remote Access.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Remote Access DB (dsl-db) - Unknown owner - C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 11320 bytes



Edited by Elec-1, 25 March 2011 - 10:22 PM.

The custom avatar was created for me by AnonymousMonster at DeviantArt.
http://anonymousmonster.deviantart.com/



#2 myrti


Posted 31 March 2011 - 07:19 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Elec-1


Posted 01 April 2011 - 05:17 PM

I have kind of found a temporary solution by disabling mysqld.exe. However I found out that thing is my database and that while it doesn't have to be running all the time, that something could be using it. It was eating up 70% of my CPU while it was running, and when I disabled it, my computer's performance increased significantly. So while I'm not having any problems at the moment, I still might have something on my computer that shouldn't be there.

So I'll go ahead and run OTL sometime tonight.

EDIT: Ok here they are:


OTL.Txt

OTL logfile created on: 4/2/2011 12:36:31 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\JWillis\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 201.07 Gb Free Space | 70.43% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.73 Gb Free Space | 47.29% Space Free | Partition Type: NTFS

Computer Name: JWILLIS-PC | User Name: JWillis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/01 17:46:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\JWillis\Desktop\OTL.exe
PRC - [2011/03/27 13:22:45 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/24 21:38:09 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/01/17 17:15:32 | 001,155,768 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/10/08 10:01:14 | 000,010,408 | ---- | M] (Microsoft) -- C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
PRC - [2010/09/30 13:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/04/13 00:29:22 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/01/05 17:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
PRC - [2008/12/10 15:44:05 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/10/04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/02/22 19:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/01/25 01:42:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/01/25 01:42:14 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/01/25 01:42:14 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/01/25 01:42:14 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/03 00:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/12/03 00:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/21 13:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
PRC - [2007/04/17 01:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PRC - [2007/04/17 00:55:00 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\psqltray.exe
PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/03 19:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (SafeList) ==========

MOD - [2011/04/01 17:46:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\JWillis\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [1999/03/29 07:34:06 | 000,110,595 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Msscript1.ocx


========== Win32 Services (SafeList) ==========

SRV - [2011/03/27 13:22:45 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/08 12:25:04 | 001,405,384 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/01/13 04:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/08 10:01:14 | 000,010,408 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/04/13 00:29:22 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/06/19 16:01:22 | 000,024,576 | ---- | M] (Atribune.org) [On_Demand | Stopped] -- C:\Windows\System32\VundoFixSVC.exe -- (VundoFixSvc)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/01/05 17:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2008/12/10 16:12:15 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/12/10 15:44:05 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/10/04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 00:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/12/03 00:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/21 13:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2007/09/14 13:35:04 | 005,730,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)
SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/02/04 10:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/01/13 04:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 04:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 04:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 04:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 04:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/03/29 16:15:10 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\JWillis\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/02 13:12:02 | 000,177,416 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc)
DRV - [2008/07/03 09:41:54 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/17 14:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/03/04 15:59:42 | 000,041,144 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2008/03/04 01:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 01:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/25 01:42:14 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/12/03 00:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/07 05:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel®
DRV - [2007/09/07 02:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 02:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 02:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4018005527-992730032-2583488031-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081210
IE - HKU\S-1-5-21-4018005527-992730032-2583488031-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4018005527-992730032-2583488031-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081210
IE - HKU\S-1-5-21-4018005527-992730032-2583488031-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4018005527-992730032-2583488031-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4018005527-992730032-2583488031-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bulbapedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: {9814c216-0476-4bcc-8f17-53978e414586}:0.9.3
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.7
FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:5.0.0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 20:41:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 20:41:15 | 000,000,000 | ---D | M]

[2008/12/13 20:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Extensions
[2011/03/31 18:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions
[2010/03/26 01:27:44 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/04/27 14:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/18 15:03:28 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2008/12/24 00:26:34 | 000,000,000 | ---D | M] (Denimfox) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\{6032AA22-F6B2-11DC-8F07-A83F56D89593}
[2011/01/05 11:53:26 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(191)
[2010/11/12 16:17:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(450)
[2009/11/07 11:26:47 | 000,000,000 | ---D | M] ("Cookie Button in the status bar") -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\{9814c216-0476-4bcc-8f17-53978e414586}
[2010/01/08 13:35:17 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2011/03/24 19:12:28 | 000,000,000 | ---D | M] (WOT) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/24 21:13:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(192)
[2011/03/12 14:02:19 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/01/08 14:04:16 | 000,000,000 | ---D | M] (Arctic Glow) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\arcticglow-ff3-30@glowplug.bitasylum(190).net
[2009/07/09 01:29:32 | 000,000,000 | ---D | M] (CrystalFox Qute) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\CrystalFox_Qute@BigRedBrent
[2010/11/20 12:37:13 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\firefox@ghostery(449).com
[2011/03/12 14:03:45 | 000,000,000 | ---D | M] (Personas) -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\extensions\personas@christopher.beard
[2008/12/13 22:08:21 | 000,001,431 | ---- | M] () -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\searchplugins\bulbapedia-en.xml
[2008/12/16 00:59:45 | 000,000,891 | ---- | M] () -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\searchplugins\dictionarycom.xml
[2009/02/04 13:06:08 | 000,001,504 | ---- | M] () -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\searchplugins\imdb.xml
[2008/12/16 18:55:40 | 000,002,109 | ---- | M] () -- C:\Users\JWillis\AppData\Roaming\Mozilla\Firefox\Profiles\ril2vo29.default\searchplugins\youtube-video-search.xml
[2011/03/24 20:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/15 15:42:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/28 22:06:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\JWILLIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RIL2VO29.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\JWILLIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RIL2VO29.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JWILLIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RIL2VO29.DEFAULT\EXTENSIONS\MORNINGCOFFEE@SHANELIESEGANG.XPI
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/26 18:52:30 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/05/09 14:43:50 | 000,393,089 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13577 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101105203830.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4018005527-992730032-2583488031-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4018005527-992730032-2583488031-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-4018005527-992730032-2583488031-1000\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\JWillis\Pictures\Needs_More_Sunset_by_grayfox64.jpg
O24 - Desktop BackupWallPaper: C:\Users\JWillis\Pictures\Needs_More_Sunset_by_grayfox64.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{317a9180-d14a-11dd-b002-00219bf668be}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{68f3b812-c967-11dd-aa74-002269c21b2f}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: Absolute Notifier - hkey= - key= - C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: avast5 - hkey= - key= - C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
MsConfig - StartUpReg: dellsupportcenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: OEM02Mon.exe - hkey= - key= - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
MsConfig - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Reg Error: Value error.
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/01 17:46:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\JWillis\Desktop\OTL.exe
[2011/04/01 15:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/03/28 13:03:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\JWillis\Desktop\HijackThis.exe
[2011/03/27 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\JWillis\Desktop\gmer
[2011/03/08 18:24:21 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/08 18:24:20 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/08 18:24:20 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/08 18:24:20 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/04 17:34:39 | 000,000,000 | ---D | C] -- C:\Users\JWillis\AppData\Local\ElevatedDiagnostics
[2011/03/04 17:06:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/03/04 17:06:53 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
[2011/03/04 16:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2009/03/13 16:38:18 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\JWillis\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2011/04/02 00:32:20 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/04/02 00:06:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/02 00:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/01 23:20:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/01 23:20:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/01 22:40:31 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A03C2125-CA8A-4216-9137-8CFAA06A82B1}.job
[2011/04/01 18:01:30 | 000,000,215 | ---- | M] () -- C:\Users\JWillis\Desktop\The Elder Scrolls IV Oblivion - Game of the Year Edition.url
[2011/04/01 17:54:47 | 000,000,215 | ---- | M] () -- C:\Users\JWillis\Desktop\Batman Arkham Asylum GOTY.url
[2011/04/01 17:46:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\JWillis\Desktop\OTL.exe
[2011/04/01 15:28:37 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/01 15:26:45 | 000,032,061 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/01 15:21:30 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2011/04/01 15:21:27 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2011/04/01 15:20:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/31 23:36:40 | 000,001,805 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/03/30 17:04:32 | 024,918,928 | ---- | M] () -- C:\Users\JWillis\Documents\burkedies.avi
[2011/03/30 15:36:43 | 000,001,539 | ---- | M] () -- C:\Users\JWillis\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint.lnk
[2011/03/30 15:36:39 | 000,001,526 | ---- | M] () -- C:\Users\JWillis\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2011/03/30 15:36:23 | 000,001,577 | ---- | M] () -- C:\Users\JWillis\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/03/28 13:04:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\JWillis\Desktop\HijackThis.exe
[2011/03/27 17:03:08 | 000,000,000 | ---- | M] () -- C:\Users\JWillis\defogger_reenable
[2011/03/27 16:12:36 | 367,599,183 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/27 13:50:16 | 000,625,664 | ---- | M] () -- C:\Users\JWillis\Desktop\dds.scr
[2011/03/27 13:38:02 | 000,293,019 | ---- | M] () -- C:\Users\JWillis\Desktop\gmer.zip
[2011/03/25 18:28:38 | 000,001,526 | ---- | M] () -- C:\Users\JWillis\Desktop\Calculator.lnk
[2011/03/25 18:28:33 | 000,001,539 | ---- | M] () -- C:\Users\JWillis\Desktop\Paint.lnk
[2011/03/25 18:28:13 | 000,001,577 | ---- | M] () -- C:\Users\JWillis\Desktop\Notepad.lnk
[2011/03/24 21:41:06 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/24 20:42:15 | 000,000,872 | ---- | M] () -- C:\Users\JWillis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 20:42:14 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/24 19:23:21 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/24 19:23:21 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/14 10:57:23 | 000,000,680 | ---- | M] () -- C:\Users\JWillis\AppData\Local\d3d9caps.dat
[2011/03/13 21:55:24 | 000,040,960 | ---- | M] () -- C:\Users\JWillis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/04 16:52:03 | 004,390,912 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2011/03/04 16:52:02 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2011/03/04 16:52:02 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2011/03/03 18:39:50 | 000,004,695 | ---- | M] () -- C:\Users\JWillis\.recently-used.xbel

========== Files Created - No Company Name ==========

[2011/04/01 18:01:30 | 000,000,215 | ---- | C] () -- C:\Users\JWillis\Desktop\The Elder Scrolls IV Oblivion - Game of the Year Edition.url
[2011/04/01 17:54:47 | 000,000,215 | ---- | C] () -- C:\Users\JWillis\Desktop\Batman Arkham Asylum GOTY.url
[2011/03/30 15:36:43 | 000,001,539 | ---- | C] () -- C:\Users\JWillis\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint.lnk
[2011/03/30 15:36:39 | 000,001,526 | ---- | C] () -- C:\Users\JWillis\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2011/03/30 15:36:23 | 000,001,577 | ---- | C] () -- C:\Users\JWillis\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/03/27 17:03:08 | 000,000,000 | ---- | C] () -- C:\Users\JWillis\defogger_reenable
[2011/03/27 15:00:29 | 367,599,183 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/03/27 13:50:10 | 000,625,664 | ---- | C] () -- C:\Users\JWillis\Desktop\dds.scr
[2011/03/27 13:37:50 | 000,293,019 | ---- | C] () -- C:\Users\JWillis\Desktop\gmer.zip
[2011/03/25 18:28:38 | 000,001,526 | ---- | C] () -- C:\Users\JWillis\Desktop\Calculator.lnk
[2011/03/25 18:28:33 | 000,001,539 | ---- | C] () -- C:\Users\JWillis\Desktop\Paint.lnk
[2011/03/25 18:28:13 | 000,001,577 | ---- | C] () -- C:\Users\JWillis\Desktop\Notepad.lnk
[2011/03/24 20:42:14 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/18 22:38:00 | 000,001,629 | ---- | C] () -- C:\Users\JWillis\Desktop\On-Screen Keyboard.lnk
[2011/03/09 19:18:53 | 024,918,928 | ---- | C] () -- C:\Users\JWillis\Documents\burkedies.avi
[2011/03/04 16:42:59 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2011/03/04 16:42:59 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2011/03/04 16:42:50 | 004,390,912 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2011/03/03 18:39:50 | 000,004,695 | ---- | C] () -- C:\Users\JWillis\.recently-used.xbel
[2011/01/24 11:54:31 | 000,000,680 | ---- | C] () -- C:\Users\JWillis\AppData\Local\d3d9caps.dat
[2010/12/16 12:33:45 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/09/08 15:25:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/29 15:33:23 | 000,001,827 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/18 12:37:03 | 000,000,149 | ---- | C] () -- C:\Windows\wininit.ini
[2009/05/26 16:03:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/26 16:03:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/12/29 19:25:49 | 000,040,960 | ---- | C] () -- C:\Users\JWillis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/17 15:09:42 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/17 14:56:42 | 000,032,061 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/15 15:34:49 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2008/12/15 15:34:09 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2008/12/13 19:42:25 | 000,002,043 | ---- | C] () -- C:\Users\JWillis\AppData\Roaming\install.dat
[2008/12/10 17:16:49 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/12/10 17:16:48 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/12/10 17:14:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/10 15:56:15 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/12/10 15:56:14 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/12/10 15:50:40 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/12/10 15:45:03 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/12/10 15:45:03 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/12/10 15:45:03 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008/12/10 09:25:26 | 000,001,805 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/10/22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/02/03 19:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,270,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998/06/14 03:53:26 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >

Extras.txt

OTL Extras logfile created on: 4/2/2011 12:36:31 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\JWillis\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 201.07 Gb Free Space | 70.43% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.73 Gb Free Space | 47.29% Space Free | Partition Type: NTFS

Computer Name: JWILLIS-PC | User Name: JWillis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4018005527-992730032-2583488031-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038448F6-2D4E-4263-8038-86B47A92F72A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12FA351A-501D-4AAE-AA68-7D54BF3C4408}" = lport=138 | protocol=17 | dir=in | app=system |
"{1D7DFD1B-C2D3-43A7-8DDD-2B4E4E27F901}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{28658A5F-1D68-487C-A7FE-88C1A5E17E97}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A12E277-0B1F-4BE4-9CB8-A516577E8769}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D5D498E-713E-40DA-B6F5-0808663EB472}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{4E24664E-5AAA-4A0A-992A-7A78AB531F08}" = rport=10243 | protocol=6 | dir=out | app=system |
"{513D9719-2226-400D-A2B3-D1207BDFDBAE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{668446F8-A9DD-486D-B847-2E526E9E2CE6}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A4DAEAC-22B9-43A7-9CC9-55C56F15E902}" = lport=445 | protocol=6 | dir=in | app=system |
"{9481B3F2-C618-44F3-B4A3-993563F0B2E2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A31AE6BC-26BF-400E-BDFC-7AC555413B39}" = rport=139 | protocol=6 | dir=out | app=system |
"{A342243B-65B4-45C7-9389-44FF2FCDE899}" = rport=445 | protocol=6 | dir=out | app=system |
"{A347DFFC-CB72-4344-92EA-509E02C59077}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ACD79051-BA56-49D7-AEA1-6E04031F93D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AD7A04B4-05C0-48D7-B293-EB24EC44F4CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C98D1735-C30B-489C-B97B-195B81151330}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA1600DC-D5C4-45B3-B81B-93ECA703E9D1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E78ADC0E-911C-4282-AC6B-E6CD9974079D}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDC9CC81-3CE6-4268-A00A-9A47359770F2}" = lport=139 | protocol=6 | dir=in | app=system |
"{FC833558-6832-40C9-8E5F-886E9D328C8B}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0106DB3D-1713-46E6-924C-20E6E9C9A27D}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{0B400938-CF57-4443-A771-81A16153F8C1}" = protocol=17 | dir=in | app=c:\nexon\maplestory\maplestory.exe |
"{0F31BE6F-4D7F-43D2-A388-9E7836DB2E10}" = protocol=6 | dir=in | app=c:\nexon\maplestory\maplestory.exe |
"{13C15342-256E-4430-8895-AC4931CE22B2}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{1539237A-5222-401A-9971-F6D7A1E03971}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{15AA73BE-9D7B-4C67-A9E5-90E591BE1577}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19200924-F7C1-4CAC-92B7-68C8F7513773}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{2D08A45B-6115-4CDD-ADAE-E3063BE957FF}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{30B2F21A-093D-4AD0-851E-87A59187C18B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{30FF6866-7C9C-4D8C-B8AB-0C6956FF8728}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{33DC2A77-A2B0-4CF9-91AF-AE9B41468DAD}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{37B4647F-D96C-4ED3-92F6-F67CC4FD1C2B}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{413FB920-E1AC-4F0A-BE4A-4344F138B1AB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{446E8A54-B597-4D14-8313-88917212FE9B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{55F7EE51-AF78-48F2-AEA8-6739DC0CF5A7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{60F5E299-3DF9-4D2B-B2F1-C266B0041833}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6BA05570-4C94-4195-ACC2-A190640551A2}" = protocol=6 | dir=in | app=c:\program files\bradford networks\persistent agent\bndaemon.exe |
"{713EB969-A211-40FE-BCD1-82D752FFDC24}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{77D6721A-D8BC-46D7-ADA5-D4BD99C4A8AE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7E741C90-B720-45F4-970B-F484EDD1975B}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{7F3C458B-F549-43B1-B069-DFE716E70255}" = protocol=17 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{8CDD55D8-6901-48FC-ABC0-8F7A4B8EBBBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F262E2E-B55A-493F-937F-D053A1B65EC2}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{9143C7A4-D261-46AF-BCE4-34B3BB7CC558}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{92FC3516-B317-41DE-A4A8-C236916891E1}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{932500F5-5C10-4461-96B6-11959BA96D47}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{956CE259-81E3-40CE-86CA-2981A2C74EEB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{97689B2F-9A25-4E5F-9429-2593AA1476F8}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{98FA4E82-E40E-45FE-9026-79D3922AF856}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A0DB89B8-C9D1-48BB-A32D-DD09DBA11A9E}" = dir=in | app=c:program filespando networksmedia boosterpmb.exe |
"{A19909C3-BF01-444D-AF6F-7906EE8D1EA2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A55158A0-A4F3-4F21-AC41-F94B4F7BA1B3}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{A63EC814-448B-416A-BCE9-4CA19955C205}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2433709-47F4-410B-8F74-6EF6B7BAE760}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B25659D4-5D7E-45E5-B152-0694178CF09B}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{B7F0C8C4-883C-436C-9917-50D00DD3613E}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{B9C2688E-2D1E-48B1-AF0C-C6FF84646349}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BA210A0E-0E7B-4BC1-B913-611A296DFE23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC20457D-9921-4D4F-9244-80F7688ACCA8}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{C0809483-8CFC-4547-B1BE-E04E3591EA5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C2A6DB2A-8679-4FB7-AA8F-9F7506ABD128}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C38381F9-874C-4264-861B-9EFB31919A5A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C4BC0EB2-B1C7-4B8C-BFE3-79DA31236DE3}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{C9D55B72-6537-47E8-9BC2-D873C7DD7D44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DB31BDD8-F67C-484F-885B-3BD327A61471}" = protocol=6 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{DEBA894F-A007-4379-A148-6F648941058E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DEF762B2-FCA4-451C-9AF1-594E4A9C7E5F}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{E47246E7-D0BB-4728-8073-5BCEBC2D0BA7}" = protocol=17 | dir=in | app=c:\program files\bradford networks\persistent agent\bndaemon.exe |
"{E48BB1BD-A9E9-4807-9B69-394F82C13A00}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{E7334B94-350C-48CF-AB57-1970352A0139}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{E94DA246-33C9-401B-9DD5-FAC677F9A873}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{F023D089-7644-4408-A074-E63821FCC255}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{F15A6673-5937-4F02-8AB2-68E0B8C8BC6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F7EDD2E6-95D4-4D8D-B40B-481B838C0AF5}" = protocol=6 | dir=out | app=system |
"{FAD2C6DA-9482-424A-85BE-AD180B978550}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{FF58A6E4-2FC9-4358-A99E-C8C6BDAA3E42}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{5C93A641-9F8F-4CA7-A1C2-11034707E967}C:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{B3109603-F2FA-4E65-BE33-38809F9B7BF2}C:\users\jwillis\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\jwillis\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{D3E6ADBE-B470-49C8-BE67-BFC74E3280C9}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{0311790B-190C-492B-849A-285E47FADCEC}C:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"UDP Query User{2AC9922E-5041-4F5A-993E-6F7F339BD0AA}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{3B91BAF4-BFD0-4693-8684-EDD68E62A77D}C:\users\jwillis\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\jwillis\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 24
"{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}" = Complete Care Consumer Service Agreement
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}" = MapleStory
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Freeze_is1" = Freeze
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"Inkscape" = Inkscape 0.46
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Pokemon Mystery Dungeon" = Pokemon Mystery Dungeon Screen Saver
"Primavera Escape_is1" = Primavera Escape
"Steam App 22330" = The Elder Scrolls IV: Oblivion
"Steam App 22370" = Fallout 3 - Game of the Year Edition
"Steam App 26800" = Braid
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 400" = Portal
"WinGimp-2.0_is1" = GIMP 2.6.11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4018005527-992730032-2583488031-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/15/2009 1:41:03 PM | Computer Name = JWillis-PC | Source = avast! | ID = 33554522
Description =

Error - 11/15/2009 1:41:03 PM | Computer Name = JWillis-PC | Source = avast! | ID = 33554522
Description =

Error - 11/15/2009 1:41:10 PM | Computer Name = JWillis-PC | Source = avast! | ID = 33554522
Description =

Error - 11/15/2009 1:41:13 PM | Computer Name = JWillis-PC | Source = avast! | ID = 33554522
Description =

Error - 11/15/2009 1:41:16 PM | Computer Name = JWillis-PC | Source = avast! | ID = 33554522
Description =

Error - 11/15/2009 1:41:16 PM | Computer Name = JWillis-PC | Source = avast! | ID = 33554522
Description =

Error - 11/15/2009 1:41:23 PM | Computer Name = JWillis-PC | Source = avast! | ID = 33554522
Description =

Error - 11/15/2009 1:41:26 PM | Computer Name = JWillis-PC | Source = avast! | ID = 33554522
Description =

Error - 11/15/2009 1:41:29 PM | Computer Name = JWillis-PC | Source = avast! | ID = 33554522
Description =

Error - 1/3/2010 11:38:42 PM | Computer Name = JWillis-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 3/30/2011 3:19:50 PM | Computer Name = JWillis-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/30/2011 3:19:50 PM | Computer Name = JWillis-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/30/2011 3:19:50 PM | Computer Name = JWillis-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/30/2011 3:19:51 PM | Computer Name = JWillis-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/30/2011 3:19:51 PM | Computer Name = JWillis-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/30/2011 3:19:52 PM | Computer Name = JWillis-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 3/31/2011 12:23:07 AM | Computer Name = JWillis-PC | Source = EventSystem | ID = 4621
Description =

Error - 3/31/2011 9:06:18 AM | Computer Name = JWillis-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/1/2011 3:21:30 PM | Computer Name = JWillis-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/1/2011 3:34:57 PM | Computer Name = JWillis-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ebc Start Time: 01cbf0a27d0941f0 Termination Time: 0

[ Broadcom Wireless LAN Events ]
Error - 12/21/2010 4:46:02 PM | Computer Name = JWillis-PC | Source = WLAN-Tray | ID = 0
Description = 15:46:02, Tue, Dec 21, 10 Error - User "" does not have administrative
privileges on this system

Error - 12/31/2010 4:16:05 PM | Computer Name = JWillis-PC | Source = WLAN-Tray | ID = 0
Description = 15:16:05, Fri, Dec 31, 10 Error - User "" does not have administrative
privileges on this system

Error - 1/8/2011 5:46:06 PM | Computer Name = JWillis-PC | Source = WLAN-Tray | ID = 0
Description = 16:46:06, Sat, Jan 08, 11 Error - User "" does not have administrative
privileges on this system

Error - 1/8/2011 5:46:06 PM | Computer Name = JWillis-PC | Source = WLAN-Tray | ID = 0
Description = 16:46:06, Sat, Jan 08, 11 Error - User "" does not have administrative
privileges on this system

Error - 3/13/2011 3:40:04 PM | Computer Name = JWillis-PC | Source = WLAN-Tray | ID = 0
Description = 15:39:58, Sun, Mar 13, 11 Error - Unable to gain access to user store


Error - 3/27/2011 3:37:16 PM | Computer Name = JWillis-PC | Source = WLAN-Tray | ID = 0
Description = 15:37:16, Sun, Mar 27, 11 Error - Unable to gain access to user store


Error - 3/29/2011 8:16:39 PM | Computer Name = JWillis-PC | Source = WLAN-Tray | ID = 0
Description = 20:16:39, Tue, Mar 29, 11 Error - User "" does not have administrative
privileges on this system

[ OSession Events ]
Error - 1/6/2009 10:55:46 AM | Computer Name = JWillis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1053
seconds with 660 seconds of active time. This session ended with a crash.

Error - 1/6/2009 10:57:27 AM | Computer Name = JWillis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 78
seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/6/2009 10:16:50 AM | Computer Name = JWillis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 419
seconds with 240 seconds of active time. This session ended with a crash.

Error - 3/16/2009 12:18:15 PM | Computer Name = JWillis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 855 seconds with 180 seconds of active time. This session ended with a crash.

Error - 4/9/2009 9:42:22 AM | Computer Name = JWillis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 250
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/1/2011 10:26:53 PM | Computer Name = JWillis-PC | Source = netbt | ID = 4321
Description = The name "DJ56JVD1 :0" could not be registered on the interface
with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not
allow the name to be claimed by this computer.

Error - 4/1/2011 10:36:35 PM | Computer Name = JWillis-PC | Source = netbt | ID = 4321
Description = The name "DJ56JVD1 :0" could not be registered on the interface
with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not
allow the name to be claimed by this computer.

Error - 4/1/2011 10:47:05 PM | Computer Name = JWillis-PC | Source = netbt | ID = 4321
Description = The name "DJ56JVD1 :0" could not be registered on the interface
with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not
allow the name to be claimed by this computer.

Error - 4/1/2011 10:57:11 PM | Computer Name = JWillis-PC | Source = netbt | ID = 4321
Description = The name "DJ56JVD1 :0" could not be registered on the interface
with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not
allow the name to be claimed by this computer.

Error - 4/1/2011 11:07:16 PM | Computer Name = JWillis-PC | Source = netbt | ID = 4321
Description = The name "DJ56JVD1 :0" could not be registered on the interface
with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not
allow the name to be claimed by this computer.

Error - 4/1/2011 11:17:24 PM | Computer Name = JWillis-PC | Source = netbt | ID = 4321
Description = The name "DJ56JVD1 :0" could not be registered on the interface
with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not
allow the name to be claimed by this computer.

Error - 4/1/2011 11:27:31 PM | Computer Name = JWillis-PC | Source = netbt | ID = 4321
Description = The name "DJ56JVD1 :0" could not be registered on the interface
with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not
allow the name to be claimed by this computer.

Error - 4/1/2011 11:37:40 PM | Computer Name = JWillis-PC | Source = netbt | ID = 4321
Description = The name "DJ56JVD1 :0" could not be registered on the interface
with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not
allow the name to be claimed by this computer.

Error - 4/1/2011 11:47:59 PM | Computer Name = JWillis-PC | Source = netbt | ID = 4321
Description = The name "DJ56JVD1 :0" could not be registered on the interface
with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not
allow the name to be claimed by this computer.

Error - 4/1/2011 11:58:09 PM | Computer Name = JWillis-PC | Source = netbt | ID = 4321
Description = The name "DJ56JVD1 :0" could not be registered on the interface
with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not
allow the name to be claimed by this computer.


< End of report >

Edited by Elec-1, 01 April 2011 - 11:55 PM.

The custom avatar was created for me by AnonymousMonster at DeviantArt.
http://anonymousmonster.deviantart.com/

#4 myrti


Posted 09 April 2011 - 11:17 AM

Hi,

Sorry for the late reply.

It seems you have a mysql server running, is this something that needs to run or could you remove it? It is part of Remote Access from Dell.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#5 Elec-1


Posted 09 April 2011 - 08:51 PM

I'm not sure if I need it or not. It doesn't seem to cause a problem when I close it out and it is actually very beneficial when I do.

#6 myrti


Posted 10 April 2011 - 04:57 AM

Hi,

OK, let's see if something else may be causing mysql to use that much CPU:

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either McAfee or Avast.

Let me know if removing one helps with your issues.

regards myrti


 



#7 myrti


Posted 01 May 2011 - 08:22 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.


 





