Google Re-Direct issue, no luck solving problem yet


  • This topic is locked
67 replies to this topic

#1 Bosco55David

Posted 23 May 2011 - 02:00 PM

The other night my computer was infected with a version of the dreaded Windows Vista Recovery virus. After several hours of browsing the internet (including this site...thanks!) I was able to get MalwareBytes to run and (I think) kill the virus and restore all my hidden files and folders. That said, I am still having issues with Google redirects. Whenever I run a search on Google and click a link I usually end up getting re-directed to another site. Sometimes I get redirected right back to Google. Sometimes I'm redirected to Yellowpages.com. Sometimes it attempts to redirect me somewhere else and my Avast catches it as a malicious URL and stops it.

So far I've run MalwareBytes (again), SuperAntiSpyware, Avast and Advanced SystemCare, none of which have fixed this issue. I attempted to run TDSSKiller, following all the directions laid out in the link below but to no avail. When I go to run the file it brings up the box asking if I'm sure I want to run it, I click yes and then nothing happens.

http://www.bleepingcomputer.com/forums/topic398335.html

Anyways, it's obvious that I am not going to be able to solve this issue on my own so I am here for help. Thanks in advance everyone!

ETA: Running Windows Vista Home Premium

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, at the request of a Malware Removal team member. ~ Animal

#2 Bosco55David

Posted 23 May 2011 - 02:52 PM

Just to add, another redirect seems to be the website prl.us. Sometimes this will just send me back to Google and other times it will ask me if I want to open an application, which I obviously decline. Don't know if that will help diagnose the issue but I figured better safe than sorry.

Edit: Internet Explorer seems to be running in the background. :blink: Very odd considering I only use Firefox. I was sitting here surfing the web and got an "Internet Explorer has stopped working" message. I pull up task manager and sure enough it shows that it's running. Beyond that and the noticeably slower computer, there is no evidence of IE running.

Edited by Bosco55David, 23 May 2011 - 03:19 PM.


#3 Bosco55David

Posted 24 May 2011 - 10:01 AM

Bump

#4 invision

Posted 24 May 2011 - 10:27 AM

Try using Rkill and Malwarebytes

follow these steps http://www.bleepingcomputer.com/forums/topic308364.html

#5 Bosco55David

Posted 24 May 2011 - 10:59 AM

Ok thanks. I'll give that a shot.

#6 Bosco55David

Posted 24 May 2011 - 01:18 PM

Did the following.

1. Installed RKill

2. Reboot into safe mode

3. Run RKill as an admin. It kills Adobe and itself (eXplorer.exe). Very odd.

4. Run a full scan of MalwareBytes. It only detects RKill and its eXplorer.exe counterpart.

5. Reboot

So far the problem remains. I get an Avast "malicious URL" warning almost immediately on starting Firefox.

#7 invision

Posted 24 May 2011 - 01:28 PM

Check your HOSTS file and make sure it is clean

1. Click Start > Run and type C:\Windows\System32\drivers\etc then hit ENTER
2. Right Click on HOSTS and Open with and select Notepad
3. Make sure you only have this listed

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost


Check your DNS settings

1. Click Start > type ncpa.cpl into the Start menu search box
2. Right Click Local Area Connection then click Properties
3. Select TCP/IPV4 and click properties
4. Under DNS, do you see anything listed? If you do, write it down and change it to Google's DNS 8.8.8.8
5. Click OK then OK
6. Close any opened windows and try to use any browser now.

Edited by invision, 24 May 2011 - 01:28 PM.


#8 Bosco55David

Posted 24 May 2011 - 03:46 PM

Check your HOSTS file and make sure it is clean

1. Click Start > Run and type C:\Windows\System32\drivers\etc then hit ENTER
2. Right Click on HOSTS and Open with and select Notepad
3. Make sure you only have this listed


I have all that but there are these entries following after it.

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com


Check your DNS settings

1. Click Start > type ncpa.cpl into the Start menu search box
2. Right Click Local Area Connection then click Properties
3. Select TCP/IPV4 and click properties
4. Under DNS, do you see anything listed? If you do, write it down and change it to Google's DNS 8.8.8.8
5. Click OK then OK
6. Close any opened windows and try to use any browser now.


No, the box is empty with "Obtain DNS server automatically" checked.
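
The HOSTS check from posts #7 and #8, as an added Python example (not part of the original thread and not code from any tool named in it). It parses HOSTS text and separates names sinkholed to the local machine, like the `127.0.0.1` Adobe lines above, from names pinned to some other address, which is the pattern a search-redirect infection would leave. The function names, the `203.0.113.7` line and the malformed line are constructed for illustration.

```python
import ipaddress


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every active mapping in HOSTS text."""
    entries = []
    # Notepad may save the file with a byte-order mark; drop it before parsing.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        active = raw.split("#", 1)[0].split()   # strip comment, split on whitespace
        if not active:
            continue                            # blank or comment-only line
        ip, names = active[0], active[1:]
        if not names:
            entries.append((line_no, ip, ""))   # address with no host name
        for name in names:                      # one line may map several names
            entries.append((line_no, ip, name.lower().rstrip(".")))
    return entries


def classify(ip, hostname):
    """Label one mapping: default, blocked, redirect or malformed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if not hostname:
        return "malformed"
    if addr.is_loopback and hostname == "localhost":
        return "default"        # the only mapping a stock file might carry
    if addr.is_loopback or addr.is_unspecified:
        return "blocked"        # name sinkholed to this machine
    return "redirect"           # name pinned to another machine: review it


def audit(text):
    """Group every active HOSTS mapping by classification."""
    report = {"default": [], "blocked": [], "redirect": [], "malformed": []}
    for line_no, ip, name in parse_hosts(text):
        report[classify(ip, name)].append((line_no, ip, name))
    return report


# Constructed sample: the comment header and three of the Adobe lines come from
# the thread; the last two lines are made up to exercise the other branches.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
203.0.113.7 www.google.com google.com   # constructed entry, not from the thread
999.1.1.1 bad.example.test              # constructed malformed entry
"""

if __name__ == "__main__":
    for label, rows in audit(SAMPLE_HOSTS).items():
        for line_no, ip, name in rows:
            print(f"{label:9} line {line_no}: {ip} -> {name}")
```

Entries reported as `blocked` still deserve a look, since they show that something edited the file, but only `redirect` entries can send a browser to a different server.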

#9 invision

Posted 24 May 2011 - 03:53 PM

Please try this

Download this file RogueKiller.exe

Click start > Run and type http://tigzy.geekstogo.com/Tools/RogueKiller.exe then hit enter

If you are able to download it

1. Quit all running programs.
2. Simply run RogueKiller.exe.
3. When prompted, type 1 and validate.
4. The RKreport.txt shall be generated next to the executable.
5. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to iexplorer.exe.


Please post the contents of the RKreport.txt in your next Reply.

#10 Bosco55David

Posted 24 May 2011 - 04:22 PM

Ok, here is what it came back with.

RogueKiller V5.1.6 [05/21/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Eric [Admin rights]
Mode: Scan -- Date : 05/24/2011 17:21:34

Bad processes: 0

Registry Entries: 3
[SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Eric.Home.000\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-88176895-3416853917-3335570716-1005[...]\Run : cdloader ("C:\Users\Eric.Home.000\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

HOSTS File:
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com


Finished : << RKreport[1].txt >>
RKreport[1].txt





#11 SweetTech

Posted 24 May 2011 - 04:28 PM

Hi Bosco55David!

Please run this tool for me:


Running aswMBR.exe

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.


Click the "Scan" button to start scan.


On completion of the scan click save log, save it to your desktop and post in your next reply.




The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 Bosco55David

Posted 24 May 2011 - 04:36 PM

Ok, here is what it came up with.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-24 17:33:55
-----------------------------
17:33:55.487 OS Version: Windows 6.0.6002 Service Pack 2
17:33:55.487 Number of processors: 2 586 0x4B02
17:33:55.487 ComputerName: HOME UserName: Eric
17:34:30.977 Initialize success
17:34:36.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
17:34:36.484 Disk 0 Vendor: Hitachi_ V5DO Size: 238475MB BusType: 6
17:34:38.543 Disk 0 MBR read successfully
17:34:38.543 Disk 0 MBR scan
17:34:38.543 Disk 0 unknown MBR code
17:34:40.555 Disk 0 scanning sectors +488391120
17:34:40.602 Disk 0 scanning C:\Windows\system32\drivers
17:34:57.996 Service scanning
17:35:01.709 Disk 0 trace - called modules:
17:35:01.740 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x856571ed]<<
17:35:01.740 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8503eac8]
17:35:01.740 3 CLASSPNP.SYS[869a98b3] -> nt!IofCallDriver -> [0x844b7598]
17:35:01.740 5 acpi.sys[861316bc] -> nt!IofCallDriver -> \Device\00000057[0x844b78d0]
17:35:01.756 \Driver\nvstor32[0x844bb880] -> IRP_MJ_CREATE -> 0x8442e1f8
17:35:02.255 Scan finished successfully
17:35:28.229 Disk 0 MBR has been saved successfully to "C:\Users\Eric.Home.000\Desktop\MBR.dat"
17:35:28.229 The log file has been saved successfully to "C:\Users\Eric.Home.000\Desktop\aswMBR.txt"




#13 SweetTech

Posted 24 May 2011 - 04:42 PM

Bosco55David,

I am going to request that this thread be moved to the malware forum, so that we will not be limited by the restrictions of what tools we are able to use in this forum.

---------------

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Please zip up this file: C:\Users\Eric.Home.000\Desktop\MBR.dat and attach it in your next reply.


Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized



#14 Bosco55David

Posted 24 May 2011 - 05:04 PM

Ok, will do that right now and let you know the results! :thumbup2:

#15 Bosco55David

Posted 24 May 2011 - 05:43 PM

- Attached the zipped MBR.dat file. Hopefully I did that one right.

- RKU log

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
0x8DDFC000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xA1879000 C:\Windows\system32\DRIVERS\elaunidr.sys 8192 bytes (Gteko Ltd., GUniDriver)
0x8BFF8000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8D328000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8442F1F8 unknown_irp_handler 3592 bytes
0x8442D1F8 unknown_irp_handler 3592 bytes
0x8D4421F8 unknown_irp_handler 3592 bytes
0x859211F8 unknown_irp_handler 3592 bytes
0x8CF6D1F8 unknown_irp_handler 3592 bytes
0x859A21F8 unknown_irp_handler 3592 bytes
0x8CF691F8 unknown_irp_handler 3592 bytes
0x859E81F8 unknown_irp_handler 3592 bytes
0x859AB1F8 unknown_irp_handler 3592 bytes
0x8442B1F8 unknown_irp_handler 3592 bytes
0x8442E1F8 unknown_irp_handler 3592 bytes
0x859221F8 unknown_irp_handler 3592 bytes
0x8593D398 unknown_irp_handler 3176 bytes
==============================================
>Stealth
==============================================
0x8564EA91 Unknown page with executable code, 1391 bytes
0x86918000 WARNING: Virus alike driver modification [volsnap.sys], 233472 bytes
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x8564D288 Unknown page with executable code, 3448 bytes
0x8564F191 Unknown page with executable code, 3695 bytes
0x85651E7A Unknown thread object [ ETHREAD 0x859343F8 ] TID: 264, 600 bytes
0x85654008 Unknown thread object [ ETHREAD 0x85934150 ] TID: 268, 600 bytes
0x856530DE Unknown thread object [ ETHREAD 0x8588A020 ] , 600 bytes
0x85651B45 Unknown thread object [ ETHREAD 0x8588AD78 ] , 600 bytes
0x85653CDC Unknown page with executable code, 804 bytes


- OTL.txt

OTL logfile created on: 5/24/2011 6:27:19 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Eric.Home.000\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.82 Mb Total Physical Memory | 181.54 Mb Available Physical Memory | 20.31% Memory free
2.00 Gb Paging File | 0.96 Gb Available in Paging File | 48.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.12 Gb Total Space | 20.12 Gb Free Space | 8.98% Space Free | Partition Type: NTFS
Drive D: | 8.76 Gb Total Space | 1.00 Gb Free Space | 11.36% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/24 18:24:55 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eric.Home.000\Desktop\OTL.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/04/29 15:43:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/21 16:54:44 | 000,512,400 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe
PRC - [2011/04/21 16:54:40 | 000,402,832 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/21 16:54:38 | 000,801,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2010/12/14 11:10:42 | 000,134,864 | ---- | M] (Upromise, Inc.) -- C:\Program Files\Upromise\UpromiseGlobalCache.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/24 18:24:55 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eric.Home.000\Desktop\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (stllssvr)
SRV - [2011/05/17 20:26:22 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/21 16:54:38 | 000,352,656 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/10/11 03:20:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/25 20:37:52 | 000,320,760 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Disabled | Stopped] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/09 22:22:13 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/07 15:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/08/01 20:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 22:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 19:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/22 13:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 13:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2002/10/01 15:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SPCA561.SYS -- (CA561)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?ncid=customie8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/linksys
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-88176895-3416853917-3335570716-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?ncid=customie8
IE - HKU\S-1-5-21-88176895-3416853917-3335570716-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-88176895-3416853917-3335570716-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-88176895-3416853917-3335570716-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-88176895-3416853917-3335570716-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0
FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.8.5
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 15:43:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 15:15:34 | 000,000,000 | ---D | M]

[2010/12/06 00:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\Mozilla\Extensions
[2011/05/23 20:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric.Home.000\AppData\Roaming\mozilla\Firefox\Profiles\8n63elus.default\extensions
[2010/12/06 00:37:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eric.Home.000\AppData\Roaming\mozilla\Firefox\Profiles\8n63elus.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/16 17:09:26 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Eric.Home.000\AppData\Roaming\mozilla\Firefox\Profiles\8n63elus.default\extensions\support@lastpass.com
[2011/04/03 12:53:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\ERIC.HOME.000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N63ELUS.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\ERIC.HOME.000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N63ELUS.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI
() (No name found) -- C:\USERS\ERIC.HOME.000\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N63ELUS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/04/29 15:43:35 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2011/04/03 15:33:06 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/10/11 22:26:59 | 000,001,393 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-88176895-3416853917-3335570716-1005\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-88176895-3416853917-3335570716-1005\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-88176895-3416853917-3335570716-1005..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-88176895-3416853917-3335570716-1005..\Run: [cdloader] C:\Users\Eric.Home.000\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-88176895-3416853917-3335570716-1005..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-88176895-3416853917-3335570716-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-88176895-3416853917-3335570716-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-88176895-3416853917-3335570716-1005\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/23 10:11:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{21fdc5ea-d9dc-11dc-887f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{21fdc5ea-d9dc-11dc-887f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/24 18:24:44 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Eric.Home.000\Desktop\OTL.exe
[2011/05/24 17:33:08 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Eric.Home.000\Desktop\aswMBR.exe
[2011/05/24 11:50:42 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/23 14:40:56 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Eric.Home.000\Desktop\eric123.exe
[2011/05/23 02:04:41 | 000,000,000 | -HSD | C] -- C:\found.003
[2011/05/22 13:17:01 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/22 07:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EricBaby
[2011/05/22 07:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Eric Baby
[2011/05/22 04:25:50 | 000,000,000 | ---D | C] -- C:\Users\Eric.Home.000\AppData\Local\AskToolbar
[2011/05/22 04:06:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\beep.sys
[2011/05/19 15:14:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/19 11:07:13 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/13 20:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/13 20:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/11 15:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/11 05:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/05/11 05:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\YourWare Solutions
[2011/05/11 05:19:01 | 000,000,000 | ---D | C] -- C:\Users\Eric.Home.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRAM XP Pro
[2011/05/11 05:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRAM XP Pro
[2011/05/11 05:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/05/11 05:16:52 | 000,000,000 | ---D | C] -- C:\Users\Eric.Home.000\AppData\Roaming\IObit
[2011/05/11 05:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/05/10 09:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Easy
[2011/05/04 21:22:52 | 000,000,000 | ---D | C] -- C:\Users\Eric.Home.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/04/29 03:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2011/04/25 12:36:53 | 000,000,000 | ---D | C] -- C:\Users\Eric.Home.000\Documents\SimCity 4
[2002/03/11 05:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002/03/11 04:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/24 18:36:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6AB2BAB7-7E2A-4747-8CEA-FE9FCEE5DC0E}.job
[2011/05/24 18:36:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B2E4E9C0-8CA0-4F46-9F2A-356530B5A0E6}.job
[2011/05/24 18:35:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C8EF3BAA-5E9F-49CD-B87B-6972310FD5AB}.job
[2011/05/24 18:24:55 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Eric.Home.000\Desktop\OTL.exe
[2011/05/24 18:17:13 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/24 18:11:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/24 18:11:27 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/24 18:11:27 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/24 18:11:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/24 18:11:15 | 935,927,808 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/24 18:11:14 | 170,905,159 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/24 18:06:12 | 000,000,580 | ---- | M] () -- C:\Users\Eric.Home.000\Desktop\MBR.zip
[2011/05/24 18:02:44 | 000,133,632 | ---- | M] () -- C:\Users\Eric.Home.000\Desktop\RKUnhookerLE.EXE
[2011/05/24 17:53:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/24 17:35:28 | 000,000,512 | ---- | M] () -- C:\Users\Eric.Home.000\Desktop\MBR.dat
[2011/05/24 17:33:30 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Eric.Home.000\Desktop\aswMBR.exe
[2011/05/24 17:31:36 | 000,043,008 | ---- | M] () -- C:\Users\Eric.Home.000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/24 11:50:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/23 14:41:17 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Eric.Home.000\Desktop\eric123.exe
[2011/05/22 08:34:22 | 000,294,400 | ---- | M] () -- C:\Users\Eric.Home.000\Desktop\exeHelper.com
[2011/05/22 07:37:54 | 000,000,777 | ---- | M] () -- C:\Users\Eric.Home.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/22 07:37:54 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/19 15:15:36 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/05/19 11:07:13 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/18 07:58:08 | 000,275,338 | R--- | M] () -- C:\Users\Eric.Home.000\Desktop\Not Your Momma's New England Scheme.pdf
[2011/05/14 14:14:44 | 000,001,630 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/11 15:55:29 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/11 05:17:30 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/05/11 05:17:28 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/04 21:25:27 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/04 21:25:27 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/04 21:22:53 | 000,000,994 | ---- | M] () -- C:\Users\Eric.Home.000\Desktop\FrostWire 4.21.1.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/24 18:06:12 | 000,000,580 | ---- | C] () -- C:\Users\Eric.Home.000\Desktop\MBR.zip
[2011/05/24 18:01:48 | 000,133,632 | ---- | C] () -- C:\Users\Eric.Home.000\Desktop\RKUnhookerLE.EXE
[2011/05/24 17:35:28 | 000,000,512 | ---- | C] () -- C:\Users\Eric.Home.000\Desktop\MBR.dat
[2011/05/24 14:05:37 | 935,927,808 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/22 13:32:32 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/22 13:32:32 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2011/05/22 13:32:32 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/05/22 13:32:32 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/22 13:32:32 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/22 13:32:32 | 000,001,692 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/22 13:32:32 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/05/22 13:32:32 | 000,001,660 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/05/22 13:32:32 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/22 13:32:32 | 000,001,435 | ---- | C] () -- C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk
[2011/05/22 13:32:32 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/05/22 13:32:32 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
[2011/05/22 13:32:32 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/22 13:30:49 | 000,001,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/22 13:30:49 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2011/05/22 13:30:49 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2011/05/22 13:30:49 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/05/22 13:30:49 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2011/05/22 13:30:49 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2011/05/22 13:30:49 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/05/22 13:30:49 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2011/05/22 13:30:49 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/05/22 13:30:49 | 000,001,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/05/22 13:30:49 | 000,001,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/05/22 13:30:48 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/05/22 13:30:48 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2011/05/22 13:30:48 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Magic.lnk
[2011/05/22 13:30:48 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/05/22 13:30:48 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/22 13:30:48 | 000,001,789 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/05/22 13:30:48 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2011/05/22 13:30:48 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/05/22 13:30:48 | 000,001,259 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
[2011/05/22 13:30:48 | 000,001,234 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011/05/22 13:30:48 | 000,001,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2011/05/22 13:30:48 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
[2011/05/22 13:30:48 | 000,000,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
[2011/05/22 13:30:48 | 000,000,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[2011/05/22 13:30:48 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/22 08:33:52 | 000,294,400 | ---- | C] () -- C:\Users\Eric.Home.000\Desktop\exeHelper.com
[2011/05/22 07:37:54 | 000,000,777 | ---- | C] () -- C:\Users\Eric.Home.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/22 07:37:54 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/18 07:58:11 | 000,275,338 | R--- | C] () -- C:\Users\Eric.Home.000\Desktop\Not Your Momma's New England Scheme.pdf
[2011/05/04 21:22:53 | 000,000,994 | ---- | C] () -- C:\Users\Eric.Home.000\Desktop\FrostWire 4.21.1.lnk
[2011/04/23 18:31:33 | 000,000,680 | ---- | C] () -- C:\Users\Eric\AppData\Local\d3d9caps.dat
[2011/03/14 19:16:50 | 000,000,280 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\wklnhst.dat
[2011/03/03 05:38:20 | 000,009,050 | -HS- | C] () -- C:\Users\Eric.Home.000\AppData\Local\2774976125
[2011/03/03 05:38:20 | 000,009,050 | -HS- | C] () -- C:\ProgramData\2774976125
[2011/02/18 21:54:25 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2011/02/16 15:07:11 | 000,166,956 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/12/15 03:26:27 | 000,043,008 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/09 22:42:18 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2010/11/09 15:34:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/03/15 23:42:56 | 000,009,756 | -HS- | C] () -- C:\ProgramData\McQnN0WX
[2009/08/18 15:46:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/18 15:46:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/21 00:53:48 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/06/21 00:53:48 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/06/21 00:53:48 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/06/21 00:53:48 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/05/27 00:07:59 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2008/09/30 13:06:06 | 128,535,711 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2008/09/30 12:29:36 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini
[2008/09/30 12:29:32 | 009,772,544 | ---- | C] () -- C:\Program Files\openofficeorg30.msi
[2008/09/13 03:01:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/16 03:28:46 | 000,003,026 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/04/24 14:04:37 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2008/03/28 14:07:52 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/03/14 18:26:34 | 000,037,375 | ---- | C] () -- C:\Program Files\openoffice.org-xsltfilter.cab
[2008/03/14 18:26:33 | 002,489,204 | ---- | C] () -- C:\Program Files\openoffice.org-writer.cab
[2008/03/14 18:26:24 | 000,207,388 | ---- | C] () -- C:\Program Files\openoffice.org-testtool.cab
[2008/03/14 18:26:22 | 002,504,855 | ---- | C] () -- C:\Program Files\openoffice.org-pyuno.cab
[2008/03/14 18:26:03 | 000,051,973 | ---- | C] () -- C:\Program Files\openoffice.org-onlineupdate.cab
[2008/03/14 18:26:02 | 001,090,334 | ---- | C] () -- C:\Program Files\openoffice.org-math.cab
[2008/03/14 18:25:58 | 000,118,910 | ---- | C] () -- C:\Program Files\openoffice.org-javafilter.cab
[2008/03/14 18:25:57 | 001,254,017 | ---- | C] () -- C:\Program Files\openoffice.org-impress.cab
[2008/03/14 18:25:51 | 000,086,870 | ---- | C] () -- C:\Program Files\openoffice.org-graphicfilter.cab
[2008/03/14 18:25:50 | 000,002,769 | ---- | C] () -- C:\Program Files\openoffice.org-emailmerge.cab
[2008/03/14 18:25:49 | 000,919,329 | ---- | C] () -- C:\Program Files\openoffice.org-draw.cab
[2008/03/14 18:25:43 | 002,031,954 | ---- | C] () -- C:\Program Files\openoffice.org-core09.cab
[2008/03/14 18:25:37 | 000,293,054 | ---- | C] () -- C:\Program Files\openoffice.org-core08.cab
[2008/03/14 18:25:31 | 003,842,531 | ---- | C] () -- C:\Program Files\openoffice.org-core07.cab
[2008/03/14 18:25:21 | 028,861,971 | ---- | C] () -- C:\Program Files\openoffice.org-core06.cab
[2008/03/14 18:21:09 | 018,636,793 | ---- | C] () -- C:\Program Files\openoffice.org-core05.cab
[2008/03/14 18:19:55 | 016,453,751 | ---- | C] () -- C:\Program Files\openoffice.org-core04.cab
[2008/03/14 18:18:52 | 009,118,219 | ---- | C] () -- C:\Program Files\openoffice.org-core03.cab
[2008/03/14 18:18:28 | 003,860,200 | ---- | C] () -- C:\Program Files\openoffice.org-core02.cab
[2008/03/14 18:18:14 | 015,102,497 | ---- | C] () -- C:\Program Files\openoffice.org-core01.cab
[2008/03/14 18:17:34 | 004,696,905 | ---- | C] () -- C:\Program Files\openoffice.org-calc.cab
[2008/03/14 18:17:15 | 001,802,028 | ---- | C] () -- C:\Program Files\openoffice.org-base.cab
[2008/03/14 18:17:08 | 000,043,005 | ---- | C] () -- C:\Program Files\openoffice.org-activex.cab
[2008/03/14 18:17:03 | 004,372,992 | ---- | C] () -- C:\Program Files\openofficeorg24.msi
[2007/04/23 09:55:44 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/04/23 09:37:18 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/04/23 09:34:41 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/04/23 09:34:41 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 04:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 10:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 10:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 002,305,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


- Extras.txt

OTL Extras logfile created on: 5/24/2011 6:27:19 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Eric.Home.000\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.82 Mb Total Physical Memory | 181.54 Mb Available Physical Memory | 20.31% Memory free
2.00 Gb Paging File | 0.96 Gb Available in Paging File | 48.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.12 Gb Total Space | 20.12 Gb Free Space | 8.98% Space Free | Partition Type: NTFS
Drive D: | 8.76 Gb Total Space | 1.00 Gb Free Space | 11.36% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-88176895-3416853917-3335570716-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020B6CBB-6C3D-449B-A407-A6119D26E879}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{07DE8254-73B6-4011-AF78-CA2CD95AA169}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{12D61E86-0FDF-4AC3-89E0-8045BF627B68}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{39108A19-1F78-45C3-A6C5-96DCCD8F889D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E5D781C-AAAD-4FB2-8EA1-F689564CE9C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4536F9DA-949D-4044-88E6-215ABA70AD01}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{468ABEE6-4763-4637-88CB-E2F5BD20E87F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47F3300F-709E-48B3-884B-09F1670F9E26}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{567CDF79-DDE9-4F43-A598-CEAF45A1FEED}" = rport=137 | protocol=17 | dir=out | app=system |
"{56E492C4-82EE-45F5-A43E-951BA54A50D1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59A19A68-468C-4FB5-B09A-1AC6B663DC0A}" = rport=139 | protocol=6 | dir=out | app=system |
"{6343068F-62FB-4D44-8D36-30C99C5A52B5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{63B8B132-2195-4DCE-AE73-925520DDAFC4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8485CFA9-E736-4B62-9846-950417ADD5FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8554FB53-CE7F-4225-B8F7-7A026877AE2D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8E23D5E6-DFCB-4C48-9155-C1B9D9ED0F6B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{93D92565-3418-496D-9888-700A2D1D42B2}" = lport=138 | protocol=17 | dir=in | app=system |
"{97CC6E79-3FEC-4EC8-8D90-6405FBC50958}" = lport=139 | protocol=6 | dir=in | app=system |
"{9C2977FE-830D-4B9F-B0BD-A89AFA3F8E08}" = rport=445 | protocol=6 | dir=out | app=system |
"{A887338D-7538-45B6-B2A8-2254A9D24F95}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5A2130A-B7A2-4159-9658-F6A884286FFB}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{BC5F6A73-8600-4E89-960E-F10516722E47}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD85B1E3-34BE-4FFC-AEF7-8B522E289E0A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C11C39F5-FC64-47BE-9B73-B3E1184E44E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6E2949A-71D4-4EC8-B56C-612F45EC126B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB9305BB-FB7D-46BD-8809-9C2ED66D2298}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDA95AE8-7664-47AF-9AB6-0184F6FB01A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D41C1FE8-93B9-43B3-BB84-B2BA4B96F6B0}" = lport=137 | protocol=17 | dir=in | app=system |
"{D899AC98-B192-4E95-BF0C-C47546E2A46D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DA047437-239B-4B94-B099-4CF18BC65819}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E8495A54-A209-4AB1-B334-54A37B786E67}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F26E3FDA-8DA0-4D66-B292-B2D8D0EA1BC9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F7E86E46-DA60-4233-B718-C4E91C4F0D79}" = lport=445 | protocol=6 | dir=in | app=system |
"{FB99F871-EAAF-4BD5-9D3C-3A9F933C2FC1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EF3A0E-B55F-4AF9-B1FC-6575B37101A9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0D9AE409-7138-4B66-A842-CC616C721396}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12E9BF8A-9A56-4E3D-A3C8-E51F64290A45}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1426E365-4812-4C74-AE73-29669C304315}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{1F71FB99-9863-44E3-988C-1BFFAA18B1BC}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2127CBBE-2C26-4C9F-93BB-D845FE1192CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{23D6EEF9-AEE6-4B71-8BA3-9055D443AF77}" = protocol=17 | dir=in | app=c:\unreal anthology\ut2004\system\ut2004.exe |
"{35DAFC69-99AD-406E-BF7E-9A3958F6D23B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{365F1F39-F556-4CC1-8311-1B68102C1BD0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{368F9BD6-3B38-4224-AE64-2DC319592FBC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{473741E6-A4AD-4745-A29D-0564C639C077}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{485484F8-E268-46EF-842D-FA34E70A16AC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xmasterofkhaosx\counter-strike source\hl2.exe |
"{490FFF20-0606-4945-8857-F987F3841989}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4925236A-9003-4B92-9E82-17ED3EBDA2E5}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{4CFF564E-22FC-4091-A9D1-000B638C6EB8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4D4113AE-64DB-4166-AB7D-7BFE690C6684}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{50D647B9-465B-4DB3-933D-08DF43FDA1A1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5125857B-08FC-4DEE-8387-E700C927D35F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{528C3C9D-ADAE-4D0A-BF16-5F1A983E4E17}" = protocol=6 | dir=out | app=system |
"{573B244F-0F20-429D-A6F0-658BFF6F7ABB}" = protocol=6 | dir=in | app=c:\unreal anthology\ut2004\system\ut2004.exe |
"{5A5B83D3-837F-4A5E-837D-3F0CC9146C7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5DECBE67-9CE8-4E70-B8C2-305B5A9014DB}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{5E59D701-1407-4002-B0D0-0D07C88E356E}" = protocol=17 | dir=in | app=c:\users\eric.home\appdata\roaming\facebook\facebook.exe |
"{5FCC6C94-4D29-45AA-8BEF-8D4B362DC104}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{61794330-DEE9-4E2B-AFE8-DE347068A701}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6BA5500F-F078-49F2-B097-57926FA53D4E}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{6EAD21B9-F16A-4021-BA71-88378C3B104D}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{732F2833-A8F9-4E3F-B891-72CA3096BE9A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xmasterofkhaosx\counter-strike source\hl2.exe |
"{77DB6FC8-7269-461A-B161-3EF099AE4DF0}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{7806E33A-D36C-4D80-8828-DF4C734C4F4C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{79BC0D3D-286C-4358-B6F6-12D5A95F9215}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{86106870-26D4-4D7D-A0FD-E239C67383B2}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{893812A7-5A06-4812-80AB-90F518C5ECF2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8C04116C-A3F2-471B-B3DC-A8FFC14847F4}" = protocol=6 | dir=in | app=c:\users\eric.home.000\appdata\roaming\mjusbsp\magicjack.exe |
"{95303B25-A2E5-48FB-B888-B5D1F3193E2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96F74053-2CA9-4464-8137-DF1F91A6601A}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{9E35BBD3-CB42-4D71-961F-DDB3CE1F3C2C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A34CF330-700B-43CC-8966-95B691BFDAB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A76CA3BF-73AF-4843-ADFE-C5FCF20A0EC5}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A807D023-EC69-4F80-A206-F46D661BB0E3}" = protocol=6 | dir=in | app=c:\users\eric.home\appdata\roaming\facebook\facebook.exe |
"{B03383B2-2953-4856-BEA7-B3A6DFC3EFB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA7E9FA7-5C77-4BB0-B9BB-ABDF13835A57}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{BEFA368C-07E8-4CFB-9225-6C535CC9970B}" = protocol=17 | dir=in | app=c:\users\eric.home.000\appdata\roaming\mjusbsp\magicjack.exe |
"{C09FB6D9-7596-4BDE-9866-317205BEB253}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{C4E5C7C2-2935-4662-A218-FA7A3BC4E89A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C532131A-15E2-4103-A12E-B74380D595CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CAC514DA-903C-4B76-A2D9-01DFC51FC180}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{CDC4D596-505C-4BB7-9D1C-896E597009AE}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{D22B9107-0D0F-4136-89B6-EBF95001AAC3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D7617893-F818-4F16-8594-EE12349BF292}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D8F25ADE-ECFA-411A-80CC-7E1633FE944B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D90BB866-DF07-47AA-B987-0B0678C481AA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{E026ADFC-72E4-4EFF-9A3D-801C5B704030}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E071EEFA-88FC-4337-8A07-F8D324E67F29}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E2883416-AC58-44FA-9BF6-4697F424748B}" = protocol=17 | dir=in | app=c:\users\eric powell\links\audio & visual\utorrent.exe |
"{E8753D2E-F174-4CAA-B7B8-4631CB1FE7E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EDF1A398-A5D3-4239-9D80-B1AE08BD16BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1EBF6A6-A5A0-482F-B763-51D29869127B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F372D70E-340F-433E-8D5D-8C0ED476059B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FEFBC5B1-2DF3-41E5-AE62-6E11F00ABB7F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FF537F55-218B-46C8-A53C-F167E8CAF28C}" = protocol=6 | dir=in | app=c:\users\eric powell\links\audio & visual\utorrent.exe |
"TCP Query User{0274720F-E4C5-4BCA-918F-726E3CF532AF}C:\unreal anthology\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=c:\unreal anthology\unrealtournament\system\unrealtournament.exe |
"TCP Query User{0CC921FC-FB34-4774-BBE3-5C60B0978056}C:\age of empires 2 & the conquerors expansion - full game\age2_x1.exe" = protocol=6 | dir=in | app=c:\age of empires 2 & the conquerors expansion - full game\age2_x1.exe |
"TCP Query User{0FCC4286-F60C-4EA1-9FBE-BEAEC82A63C0}C:\users\leslie\documents\command and conquer red alert 2\game.exe" = protocol=6 | dir=in | app=c:\users\leslie\documents\command and conquer red alert 2\game.exe |
"TCP Query User{114079E0-661E-4A92-9CB6-A6C1677E7C13}C:\users\leslie\documents\[ pc games ] - age of empires ii(full)\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\leslie\documents\[ pc games ] - age of empires ii(full)\age2_x1.exe |
"TCP Query User{18CE0FAF-793F-4EDE-8141-2A2159766DBA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{1C3E306C-31FE-49F5-8FDF-5080A31B00F0}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{1E34E2CD-2B92-45AC-9752-50EBCB95A5B8}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{20AD43A7-F794-4E42-8275-6B92737CAB37}C:\program files\ea games\command & conquer the first decade\command & conquer renegade™\renegade\game.exe" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer renegade™\renegade\game.exe |
"TCP Query User{24608817-4F7F-4108-AF3B-9B1D4A3B86A4}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{386BBABD-E247-4484-B600-CC7627C5B643}C:\ijji\english\u_gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gunz.exe |
"TCP Query User{41B83504-18F0-47B3-BF26-7C377D2DA667}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{4C307505-D4ED-4F32-A81B-FF1E4EB4BA3C}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{5593D144-AC28-4F6E-86C1-939077845EFD}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{6F2DC30F-0013-4805-8A0B-2DC7474F12F8}C:\program files\steam\steamapps\xmasterofkhaosx\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xmasterofkhaosx\day of defeat source\hl2.exe |
"TCP Query User{81FD9FBC-1227-4B32-8608-BB6D05ADF57E}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{95ADF102-B0DE-4A5B-83CB-83DA53D8F732}C:\users\eric powell\links\audio & visual\utorrent.exe" = protocol=6 | dir=in | app=c:\users\eric powell\links\audio & visual\utorrent.exe |
"TCP Query User{A0165314-F270-4669-AAE9-2F8E295BAE0F}C:\users\eric\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\eric\desktop\utorrent.exe |
"TCP Query User{A3590CA4-E772-4FD7-B6D6-B805B8ABE6C8}C:\program files\steam\steamapps\xmasterofkhaosx\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xmasterofkhaosx\counter-strike source\hl2.exe |
"TCP Query User{A3D2C7CA-7235-4CD8-8A32-789B65CBDD62}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{B3862305-6BA9-4102-A155-2CAC5D19668A}C:\users\leslie\documents\[ pc games ] - age of empires ii(full)\empires2.exe" = protocol=6 | dir=in | app=c:\users\leslie\documents\[ pc games ] - age of empires ii(full)\empires2.exe |
"TCP Query User{B39B60B3-3379-4A94-BA46-933280A5B841}C:\program files\vlc player\vlc.exe" = protocol=6 | dir=in | app=c:\program files\vlc player\vlc.exe |
"TCP Query User{BBD0CDFE-F9FE-427D-9CBA-C99E329A504C}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"TCP Query User{C4AD7CDD-FDFD-4570-A267-2D61EC13A802}C:\ut2004demo\system\ut2004.exe" = protocol=6 | dir=in | app=c:\ut2004demo\system\ut2004.exe |
"TCP Query User{CB03DD1E-314B-4654-A8BE-B94F40641D23}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{CE87636A-C727-4AA7-810D-78DACAF1A7CF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DBEFF3D4-8D14-4963-93A7-E966144BA9CB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F4632526-3FAE-455C-86FF-70E1AFE25BDB}C:\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\gunz\gunz.exe |
"TCP Query User{F65BF941-5787-44C1-90B0-CD2412136BD6}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{096439FE-0085-433A-ADEF-03191B5EBEA3}C:\program files\steam\steamapps\xmasterofkhaosx\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xmasterofkhaosx\day of defeat source\hl2.exe |
"UDP Query User{50E370BC-B259-4472-8950-D1D51063AC31}C:\program files\vlc player\vlc.exe" = protocol=17 | dir=in | app=c:\program files\vlc player\vlc.exe |
"UDP Query User{540DF266-E682-44F7-BA7F-05F06D6415D7}C:\unreal anthology\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=c:\unreal anthology\unrealtournament\system\unrealtournament.exe |
"UDP Query User{5A47EDC5-44A7-483A-B694-B701D70CE3D6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{5BF07F03-DB0A-4BAB-9DEB-3804A06A90E6}C:\age of empires 2 & the conquerors expansion - full game\age2_x1.exe" = protocol=17 | dir=in | app=c:\age of empires 2 & the conquerors expansion - full game\age2_x1.exe |
"UDP Query User{5F38CA2B-1F8C-465F-8082-83333415728F}C:\program files\ea games\command & conquer the first decade\command & conquer renegade™\renegade\game.exe" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer renegade™\renegade\game.exe |
"UDP Query User{6D0CB88B-99AE-4D8F-95EF-B3F3DF885DCD}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"UDP Query User{6FB9553D-92CB-4135-AE3E-000C37E86FC4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7AA3010A-8DDF-4028-8171-4A4885335526}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{7FEE1DFA-D372-4530-92F2-1C1401563BB0}C:\ijji\english\u_gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gunz.exe |
"UDP Query User{80892092-F4B1-4CED-A755-096967BEB5D3}C:\program files\steam\steamapps\xmasterofkhaosx\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xmasterofkhaosx\counter-strike source\hl2.exe |
"UDP Query User{878E78B4-827C-45B2-8F59-9483540176C8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{88E8841C-E4F2-4B48-BB9C-584BC67CFA57}C:\users\eric powell\links\audio & visual\utorrent.exe" = protocol=17 | dir=in | app=c:\users\eric powell\links\audio & visual\utorrent.exe |
"UDP Query User{892D1E89-E570-466B-8AF0-5C3E188B2B64}C:\ut2004demo\system\ut2004.exe" = protocol=17 | dir=in | app=c:\ut2004demo\system\ut2004.exe |
"UDP Query User{91225C31-6CE8-44DF-A841-BB36AD373B1A}C:\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\gunz\gunz.exe |
"UDP Query User{9C0D0F04-3206-429E-84F4-C90150AE493A}C:\users\leslie\documents\command and conquer red alert 2\game.exe" = protocol=17 | dir=in | app=c:\users\leslie\documents\command and conquer red alert 2\game.exe |
"UDP Query User{A61ED943-2895-44A4-858F-7A0491E69E42}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{A7246E9E-69CB-4215-8CCB-1D9B018DF411}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{A9928FF4-B6FE-43D6-B3D9-24A85728A826}C:\users\eric\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\eric\desktop\utorrent.exe |
"UDP Query User{BCA12C3C-2C08-4581-8680-82617BBD8395}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{CD6D8FB2-498F-4B2E-AE1D-EE6117706782}C:\users\leslie\documents\[ pc games ] - age of empires ii(full)\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\leslie\documents\[ pc games ] - age of empires ii(full)\age2_x1.exe |
"UDP Query User{D4968AE4-8E9B-4373-9F4C-DF0B790A5CFB}C:\users\leslie\documents\[ pc games ] - age of empires ii(full)\empires2.exe" = protocol=17 | dir=in | app=c:\users\leslie\documents\[ pc games ] - age of empires ii(full)\empires2.exe |
"UDP Query User{D5BE6665-50AE-40BC-ACCF-B0A9EF05F72C}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{D62DB821-EBE9-448A-8A58-128D218E3817}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{DA313825-A5F8-4807-A469-BD1EEA7976DA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E3C1EC02-7B06-4B63-95FE-072BD87AA7D9}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{FCD57234-D261-4621-93E8-856B0D0933A9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{FE9C6545-DA97-4E74-92CE-DEF703A22891}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4EF6FDB0-3B11-4820-9860-8E08E9965195}" = Snapfish Media Detector
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D26BF7B-BEF6-477D-8FC1-0C1C159B6364}_is1" = Quicksys RegDefrag 2.3
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8113B2B8-EC59-4BE8-963A-FBC5EC40B1CF}_is1" = Pod to PC version 3.212
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"AOL Toolbar" = AOL Toolbar
"avast" = avast! Free Antivirus
"BitComet" = BitComet 1.06
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Defraggler" = Defraggler
"Download Manager" = Download Manager 2.3.9
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Free RAR Extract Frog" = Free RAR Extract Frog
"FrostWire" = FrostWire 4.21.1
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"ImgBurn" = ImgBurn
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"iPod To Computer Transfer_is1" = iPod To Computer Transfer 5.6
"LimeWire" = LimeWire 5.5.16
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MySpaceIM" = MySpaceIM
"Network MagicUninstall" = Network Magic
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Palace" = Palace Uninstall
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"RealPlayer 6.0" = RealPlayer
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"StreamTorrent 1.0" = StreamTorrent 1.0
"Veetle TV" = Veetle TV 0.9.17
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.7
"WinAce Archiver" = WinAce Archiver
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.2
"WinLiveSuite" = Windows Live Essentials
"Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-88176895-3416853917-3335570716-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/24/2011 5:49:37 PM | Computer Name = Home | Source = Windows Search Service | ID = 3013
Description =

Error - 5/24/2011 5:49:37 PM | Computer Name = Home | Source = Windows Search Service | ID = 3013
Description =

Error - 5/24/2011 5:49:37 PM | Computer Name = Home | Source = Windows Search Service | ID = 3013
Description =

Error - 5/24/2011 5:49:38 PM | Computer Name = Home | Source = Windows Search Service | ID = 3013
Description =

Error - 5/24/2011 5:49:38 PM | Computer Name = Home | Source = Windows Search Service | ID = 3013
Description =

Error - 5/24/2011 5:49:38 PM | Computer Name = Home | Source = Windows Search Service | ID = 3013
Description =

Error - 5/24/2011 5:49:38 PM | Computer Name = Home | Source = Windows Search Service | ID = 3013
Description =

Error - 5/24/2011 5:49:39 PM | Computer Name = Home | Source = Windows Search Service | ID = 3013
Description =

Error - 5/24/2011 5:49:39 PM | Computer Name = Home | Source = Windows Search Service | ID = 3013
Description =

Error - 5/24/2011 6:17:33 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x8242b16a, process id 0xc14, application start time
0x01cc1a5feafbc739.

[ OSession Events ]
Error - 2/17/2010 6:59:50 PM | Computer Name = Home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/24/2011 2:10:28 PM | Computer Name = Home | Source = Service Control Manager | ID = 7022
Description =

Error - 5/24/2011 5:14:55 PM | Computer Name = Home | Source = Service Control Manager | ID = 7031
Description =

Error - 5/24/2011 5:14:55 PM | Computer Name = Home | Source = Service Control Manager | ID = 7034
Description =

Error - 5/24/2011 5:15:06 PM | Computer Name = Home | Source = Service Control Manager | ID = 7034
Description =

Error - 5/24/2011 6:11:20 PM | Computer Name = Home | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:09:36 PM on 5/24/2011 was unexpected.

Error - 5/24/2011 6:13:08 PM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 5/24/2011 6:13:08 PM | Computer Name = Home | Source = Service Control Manager | ID = 7026
Description =

Error - 5/24/2011 6:13:46 PM | Computer Name = Home | Source = DCOM | ID = 10010
Description =

Error - 5/24/2011 6:16:57 PM | Computer Name = Home | Source = Service Control Manager | ID = 7022
Description =

Error - 5/24/2011 6:19:14 PM | Computer Name = Home | Source = Service Control Manager | ID = 7022
Description =


< End of report >

Attached Files

  • Attached File  MBR.zip   580bytes   1 downloads




