Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System Restore error

Started by butterrice , Aug 09 2009 12:08 AM

  • Please log in to reply

#1
butterrice
Posted 09 August 2009 - 12:08 AM

butterrice

    Member

  • Member
  • PipPipPip
  • 403 posts
I went through the Virus, Malware Guide. The step i could not complete was the System restore. I went through all of the other steps as told in the Live Chat, and tried the system Restore again. I got the same error. The computer I am on is running Windows Vista, computer is a HP Pavilion Entertainment PC. Below is all the information I'm to post beginning with the error message in detail:

1: Error Message

Microsoft.NET Framework



See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.Runtime.InteropServices.COMException (0x80070422): The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
at Microsoft.VisualBasic.CompilerServices.LateBinding.LateGet(Object o, Type objType, String name, Object[] args, String[] paramnames, Boolean[] CopyBack)
at Microsoft.VisualBasic.CompilerServices.NewLateBinding.LateGet(Object Instance, Type Type, String MemberName, Object[] Arguments, String[] ArgumentNames, Type[] TypeArguments, Boolean[] CopyBack)
at SysRestorePoint.Module1.CreateRestorePoint()
at SysRestorePoint.Form1.Form1_Load(Object eventSender, EventArgs eventArgs)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Windows.Forms.Form.OnLoad(EventArgs e)
at System.Windows.Forms.Form.OnCreateControl()
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl()
at System.Windows.Forms.Control.WmShowWindow(Message& m)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
at System.Windows.Forms.ContainerControl.WndProc(Message& m)
at System.Windows.Forms.Form.WmShowWindow(Message& m)
at System.Windows.Forms.Form.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3074 (QFE.050727-3000)
CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
SysRestorePoint
Assembly Version: 1.3.0.0
Win32 Version: 1.3.0.0
CodeBase: file:///C:/Users/ARP/Desktop/SysRestorePoint.exe
----------------------------------------
Microsoft.VisualBasic
Assembly Version: 8.0.0.0
Win32 Version: 8.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Runtime.Remoting
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
System.Configuration
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3074 (QFE.050727-3000)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

2. MBAM Log:

Malwarebytes' Anti-Malware 1.40
Database version: 2583
Windows 6.0.6001 Service Pack 1

8/8/2009 10:03:50 PM
mbam-log-2009-08-08 (22-03-50).txt

Scan type: Quick Scan
Objects scanned: 82645
Time elapsed: 10 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 55
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\morerelevantadvertisingprogram.morerelevantadvertisingprogram (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\morerelevantadvertisingprogram.morerelevantadvertisingprogram.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e8d6551-f9a4-6d01-4d4b-bfd7673c0e3e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e8d6551-f9a4-6d01-4d4b-bfd7673c0e3e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e8d6551-f9a4-6d01-4d4b-bfd7673c0e3e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MoreRelevantAdvertisingProgram.dll (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MoreRelevantAdvertisingProgram (Adware.MoreRelevantAdvertising) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Rogue.PlayMp3) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SmileyApp (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

3. RootRepeal Log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/09 01:41
Program Version: Version 1.3.3.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8C3E8000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x8C3F3000 Size: 40960 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA8519000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1128 Status: Locked to the Windows API!

==EOF==

4. OTL Log:

OTL logfile created on: 8/9/2009 1:45:29 AM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Users\ARP\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.31 Mb Total Physical Memory | 97.39 Mb Available Physical Memory | 19.43% Memory free
1.47 Gb Paging File | 0.62 Gb Available in Paging File | 42.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.31 Gb Total Space | 43.21 Gb Free Space | 63.26% Space Free | Partition Type: NTFS
Drive D: | 6.22 Gb Total Space | 0.79 Gb Free Space | 12.73% Space Free | Partition Type: NTFS
Drive E: | 21.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ARP-PC
Current User Name: ARP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2006/11/28 18:10:12 | 00,063,080 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
PRC - [2006/10/19 17:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/05/25 09:41:54 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
PRC - [2007/05/25 09:41:38 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2009/01/23 11:46:14 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2007/08/15 13:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 13:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 13:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/12/05 11:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2008/01/19 03:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/10/18 13:56:54 | 00,317,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006/10/18 13:32:36 | 00,472,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2008/03/13 09:34:28 | 00,081,920 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
PRC - [2008/02/11 20:13:02 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/02/11 20:13:08 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/02/11 20:13:10 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/03/28 02:05:00 | 01,045,800 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/06/11 19:27:24 | 00,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/04/30 08:19:54 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/01/19 03:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/10/10 20:44:10 | 00,034,520 | ---- | M] (Hewlett Packard) -- C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
PRC - [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/03/02 22:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2006/11/02 14:24:10 | 00,491,606 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2008/01/25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/03/28 02:06:00 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2009/07/21 17:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/21 17:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/09 01:43:53 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\ARP\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/06/26 13:50:08 | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr [On_Demand | Stopped])
SRV - [2008/07/27 14:03:11 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - [2008/01/19 03:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/01/29 13:09:58 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2008/12/01 11:59:52 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - File not found -- -- (gusvc [On_Demand | Stopped])
SRV - [2006/11/28 18:10:12 | 00,063,080 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/10/19 17:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - File not found -- -- (LiveUpdate Notice Ex [Auto | Stopped])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
SRV - [2007/05/25 09:41:54 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\lxddserv.exe -- (lxddCATSCustConnectService [Auto | Running])
SRV - [2007/05/25 09:41:38 | 00,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device [Auto | Running])
SRV - [2009/01/23 11:46:14 | 00,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 10:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 13:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2007/07/24 13:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 11:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2007/07/18 13:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 18:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/06 17:31:14 | 00,887,544 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2006/11/01 15:17:32 | 00,073,728 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2008/01/19 03:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cantonrep.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://news.google.com/news"
FF - prefs.js..extensions.enabledItems: {872A1C39-DF0B-4c8b-AD84-12BA24A3B781}:3.4.0.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.7.1
FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:0.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.06
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081010W
FF - prefs.js..extensions.enabledItems: {2224E955-00E9-4613-A844-CE69FCCAAE91}:1.1.0.1400
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:5.2.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20081205
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..keyword.URL: "http://slirsredirect...ir=2706&query="
FF - prefs.js..keyword.URL: "http://search.yahoo....8&fr=megaup&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/22 13:55:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/06/25 14:26:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 01:14:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2009/06/30 01:46:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2009/06/23 10:56:08 | 00,000,000 | ---D | M]

[2008/12/11 03:20:48 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Extensions
[2008/10/25 01:03:08 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/12/11 03:20:48 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/06/30 01:41:12 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Firefox\Profiles\ws3aox2u.default\extensions
[2008/10/25 01:44:26 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Firefox\Profiles\ws3aox2u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/11/14 00:39:21 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Firefox\Profiles\ws3aox2u.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
[2009/03/09 00:46:11 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Firefox\Profiles\ws3aox2u.default\extensions\{718c16dc-5826-4994-aa11-cd5cf6ed2458}
[2008/12/23 01:01:37 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Firefox\Profiles\ws3aox2u.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2008/04/19 02:51:00 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Firefox\Profiles\ws3aox2u.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2008/12/23 00:28:48 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Firefox\Profiles\ws3aox2u.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2008/12/06 23:01:43 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Firefox\Profiles\ws3aox2u.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2008/10/27 01:42:21 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Firefox\Profiles\ws3aox2u.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/11/14 00:06:14 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Firefox\Profiles\ws3aox2u.default\extensions\[email protected]
[2008/12/06 23:01:44 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Firefox\Profiles\ws3aox2u.default\extensions\[email protected]
[2008/12/06 23:01:18 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\mozilla\Firefox\Profiles\ws3aox2u.default\extensions\[email protected]

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [WinPro.exe] C:\Program Files\LimeWire\WebPro.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/02 16:52:58 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{2ffcf2f3-409d-11dd-8068-001636bf1495}\Shell - "" = AutoRun
O33 - MountPoints2\{2ffcf2f3-409d-11dd-8068-001636bf1495}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4b1def12-5bc4-11de-9976-001636bf1495}\Shell - "" = AutoRun
O33 - MountPoints2\{4b1def12-5bc4-11de-9976-001636bf1495}\Shell\AutoRun\command - "" = G:\start.exe -- File not found
O33 - MountPoints2\{a33883fd-0e3e-11dd-983b-001636bf1495}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[17 C:\ProgramData\*.tmp files]
[2009/08/09 01:43:44 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\ARP\Desktop\OTL.exe
[2009/08/09 01:39:33 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/08/09 01:38:20 | 00,462,996 | ---- | C] () -- C:\Users\ARP\Desktop\RootRepeal.zip
[2009/08/08 21:49:46 | 00,000,000 | ---D | C] -- C:\Users\ARP\AppData\Roaming\Malwarebytes
[2009/08/08 21:49:34 | 00,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/08 21:49:30 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/08 21:49:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/08 21:49:26 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/08 21:49:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/08 21:47:37 | 03,942,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ARP\Desktop\mbam-setup.exe
[2009/08/08 21:46:12 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/08 21:44:58 | 00,000,693 | ---- | C] () -- C:\Users\ARP\Desktop\NTREGOPT.lnk
[2009/08/08 21:44:58 | 00,000,674 | ---- | C] () -- C:\Users\ARP\Desktop\ERUNT.lnk
[2009/08/08 21:44:55 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/08 21:42:45 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\ARP\Desktop\erunt_setup.exe
[2009/08/08 21:16:30 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\ARP\Desktop\SysRestorePoint.exe
[2009/08/08 20:56:44 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/08 20:42:31 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Users\ARP\Desktop\TFC.exe

========== Files - Modified Within 14 Days ==========

[17 C:\ProgramData\*.tmp files]
[2009/08/09 01:43:53 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\ARP\Desktop\OTL.exe
[2009/08/09 01:39:33 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2009/08/09 01:38:31 | 00,462,996 | ---- | M] () -- C:\Users\ARP\Desktop\RootRepeal.zip
[2009/08/09 01:24:08 | 00,019,373 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/08/09 01:22:56 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/09 01:22:55 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/09 01:22:26 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/09 01:22:22 | 00,444,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/09 01:22:12 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/09 01:17:47 | 03,379,943 | -H-- | M] () -- C:\Users\ARP\AppData\Local\IconCache.db
[2009/08/08 21:49:34 | 00,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/08 21:47:46 | 03,942,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ARP\Desktop\mbam-setup.exe
[2009/08/08 21:44:58 | 00,000,693 | ---- | M] () -- C:\Users\ARP\Desktop\NTREGOPT.lnk
[2009/08/08 21:44:58 | 00,000,674 | ---- | M] () -- C:\Users\ARP\Desktop\ERUNT.lnk
[2009/08/08 21:42:50 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\ARP\Desktop\erunt_setup.exe
[2009/08/08 21:16:38 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\ARP\Desktop\SysRestorePoint.exe
[2009/08/08 20:43:42 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Users\ARP\Desktop\TFC.exe
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== LOP Check ==========

[2009/08/08 21:49:46 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming
[2008/12/18 01:55:26 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\acccore
[2008/04/26 16:48:34 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\Arcsoft
[2008/05/16 12:40:23 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\com.vtc.VTCPlayer.D5188E03315CA913E5343274F88EC3A0C3CECFF5.1
[2008/01/25 14:58:51 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\CyberLink
[2008/04/21 01:12:37 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\FaxCtr
[2008/11/27 03:45:44 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\FileVOoM
[2009/04/27 22:54:59 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\FrostWire
[2008/12/18 02:10:18 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\HotSync
[2008/07/31 00:11:02 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\Lexmark Productivity Studio
[2009/07/13 07:52:07 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\LimeWire
[2008/05/20 01:22:09 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\MSNInstaller
[2009/06/23 10:56:19 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\Netscape
[2009/06/17 23:50:11 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\OpenCandy
[2008/06/27 16:38:49 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\Roxio
[2008/02/10 03:07:23 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\SoundSpectrum
[2008/02/04 03:10:39 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\Template
[2008/06/27 17:29:45 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\U3
[2008/01/26 23:53:36 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\WildTangent
[2009/06/23 10:45:08 | 00,000,000 | ---D | M] -- C:\Users\ARP\AppData\Roaming\ZiggyTV
[2009/02/15 02:26:49 | 00,000,336 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/03/28 11:22:09 | 00,000,334 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/08/09 01:22:26 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/09 01:19:25 | 00,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
< End of report >

5. Extras Log:

OTL Extras logfile created on: 8/9/2009 1:45:29 AM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Users\ARP\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.31 Mb Total Physical Memory | 97.39 Mb Available Physical Memory | 19.43% Memory free
1.47 Gb Paging File | 0.62 Gb Available in Paging File | 42.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.31 Gb Total Space | 43.21 Gb Free Space | 63.26% Space Free | Partition Type: NTFS
Drive D: | 6.22 Gb Total Space | 0.79 Gb Free Space | 12.73% Space Free | Partition Type: NTFS
Drive E: | 21.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ARP-PC
Current User Name: ARP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000131B6-14D4-4A76-B1D9-D0B11038B314}" = rport=445 | protocol=6 | dir=out | app=system |
"{04C7D621-81EA-4627-8838-38CFD7288F28}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{09E7565F-2ECF-452D-8301-BFA388FCF3FF}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{0AB605FF-D82F-4FFE-B647-D6AD5A5BB108}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0E6DF558-EF69-43A6-A9D5-EFABAE48A129}" = lport=2869 | protocol=6 | dir=in | app=system |
"{114ADCDB-B6EF-48FE-88F4-8080332EA2F7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1ADE788F-9D5E-4B9E-886D-EC5441DEAA77}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{328D45C8-4AA7-4E46-8520-7B9B8CA62E83}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F73B78F-7DB1-40DB-838C-DF8FE1A09664}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{4865ED3A-D2A4-4856-B151-EBB0BD307893}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{4ADF41E5-BD6D-4F71-9DEA-EA3B498844C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4B99B365-BE36-4441-AC98-D68C11D6ADFC}" = lport=445 | protocol=6 | dir=in | app=system |
"{54790DE4-6E66-41F4-A2C3-F7FD2D72D10D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{64A7EA71-4942-42B3-BF85-513B02B949D6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{6E80A08B-C41D-45E7-9A65-74E8DC427D75}" = lport=138 | protocol=17 | dir=in | app=system |
"{6E9C7C61-FA1F-4EE7-AEF8-575B9CD89D81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{705EEFBD-C048-4E1F-BC62-CD94023DD063}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7C8A5B09-69AA-4209-AE38-C9C7E98286C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{85DA6A9F-C57A-44BE-A32B-21B4B26CE7C2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{900FAB02-4BA4-46B9-8350-08D32CDDEEBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{97596D8C-0A37-4659-ABAE-344F98B4A497}" = rport=138 | protocol=17 | dir=out | app=system |
"{97F5134F-FF3A-4D22-97EC-9CB0B93921F1}" = rport=139 | protocol=6 | dir=out | app=system |
"{9E9C0E2B-52DF-4AB8-80EE-9012354A0A1F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2B07E15-960A-4F67-985D-80E69F91E804}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A3B80E7E-1814-45C5-BC8A-9B61B24373F3}" = rport=137 | protocol=17 | dir=out | app=system |
"{BCE67433-0065-472F-8BF9-03C0F01C94F1}" = lport=137 | protocol=17 | dir=in | app=system |
"{C3DF3736-DE98-45E9-BC0B-40BDBB7F5EBD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E3145737-490E-4919-8D1C-84110F0CBB5A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E55628B9-9E69-4E0B-944B-0E08097784A4}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{F53880E2-7B42-42A5-BB4C-43908FD353AA}" = lport=139 | protocol=6 | dir=in | app=system |
"{F5E56F4C-8A2F-48A8-82B0-58755DC1AA29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0583C350-2ED5-4041-AF7F-E5B5EA5F5510}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{0978F99B-D46E-45AC-B3C6-753C4E93A13B}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{0E2097B5-9663-4E8E-8ED1-E97D40041CF7}" = protocol=6 | dir=out | app=system |
"{0F7C8EB5-3C39-4DB4-B3AE-D5B7666356C6}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{132A33DF-1721-4047-9AF7-5DD82B18AC57}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{150784E9-1D23-4AE4-BC64-D8DAAC482080}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{309550FA-19A6-4732-90E9-8036595B54EB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1230008188\ee\aolsoftware.exe |
"{3546DBBF-E1A8-4A5E-96AC-76B1FC9F1DB2}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1230008188\ee\aoldesktop.exe |
"{364D6AD9-A559-48AA-B780-2EAA9A9C2F07}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{400970EB-C5F3-49A6-9207-BF420522C0C0}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{48566B95-F1BC-4519-AE29-5A3830C51492}" = protocol=1 | dir=in | [email protected],-28543 |
"{499E2186-5ED7-4327-A49C-3E2AA2EC7718}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{4FA39EE4-A9A8-47A6-B544-10A6EC1A5BFA}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{51D90231-337A-47C7-88DB-E1BFB1182730}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{61D4D4DA-69D2-4627-B48C-62B96AA12F8D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1230008188\ee\aolsoftware.exe |
"{633A72B9-5E68-4A8B-A22E-6B37FACA0FEA}" = protocol=1 | dir=out | [email protected],-28544 |
"{672B737C-88AC-4A76-9BC5-49CC1F9D31E4}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{6A581B50-B79A-4CF6-A2BA-9AE8240F1C8B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7084A0E0-5455-4E4D-9A8A-423C5A9540FE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{71EB9DB8-0DD2-43D2-B559-D7D7D0B35BAE}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{78AEF268-8AB4-4549-9B22-DB99269FD117}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{86018E1D-07E9-47C1-A886-0FB8D5281C44}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{86326AF9-DF78-48B8-9A7F-68DDEB167FB5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8BB331BF-4637-4B7E-A9A4-3EDDAF2E89A3}" = protocol=58 | dir=in | [email protected],-28545 |
"{8F0BB191-B90D-486D-BFA5-14FE2FBCE996}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{92D652AC-FD56-42FD-94D4-AC11F46BA325}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{A461E6F0-3AB2-406F-A859-C19349ED326A}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{A469CC8D-F126-4B65-8361-879879D20185}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{AB99137F-4A50-4021-9ECA-50ADAB664CED}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{B8F6EB36-9249-42B1-8876-009690FC710B}" = protocol=6 | dir=out | app=system |
"{BAE8C0C2-7856-4DE3-B44A-C131D0071BA1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{C5985C7D-A459-42CD-9651-91D961A2B26F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{CA71AEAF-0CA7-4318-9C9A-99E3949F614C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D72F34CD-4654-4E5A-B1A4-011F0A18893D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E2876BC3-5698-4CB7-A6C8-EC3EE7764B19}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{E73FA983-059C-46D2-87A7-9AF53B5980D3}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{E75C631D-1B9E-4F6F-BE09-2068C898A7E2}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{E90C0C9A-48CE-4A57-B7D7-C290EAFA7826}" = protocol=58 | dir=out | [email protected],-28546 |
"{EAD9370A-3E2C-4DB0-AF22-7BB028E89D40}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{EE1D858F-26C3-458D-9F5A-0FE8CA5650D4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1230008188\ee\aoldesktop.exe |
"{F04399DD-8022-4B59-937E-3C20542DC258}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{F0C7D668-15FD-404F-BBB3-4B16A12F3EC5}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{F2ED5927-E835-4069-BDFB-55C88986DF50}" = protocol=6 | dir=out | app=system |
"{F51E9923-5206-46AB-BBF5-75FA10258483}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{FC4F6389-3B4D-4EBF-9EF3-484600897772}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{06ED4F46-D43A-478B-9B7C-68A06572B124}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{2557C294-7F73-4744-8D66-0678EBC6B34B}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{502A4379-C6C2-4E54-A992-4B29EB6AA97A}C:\program files\limewire\ieembed.exe" = protocol=6 | dir=in | app=c:\program files\limewire\ieembed.exe |
"TCP Query User{5DFFCFCA-691F-4C20-9B63-AC4FF3FB8DA7}C:\program files\myspace\im\myspaceim.exe" = protocol=6 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"TCP Query User{7FC44DCD-1865-435A-9F89-1DBEF09F1ACD}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{92C8E78B-9958-4EB1-BF17-CA0180389D12}C:\program files\lexmark 2500 series\lxddamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"TCP Query User{C3BE7716-66A0-43DB-9CF7-CA16C4425E2F}C:\program files\lexmark 2500 series\lxddamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"TCP Query User{DE71CBF6-00F1-486F-9F7D-96EB17CCA80F}C:\program files\common files\aol\1230008188\ee\aoldesktop.exe" = protocol=6 | dir=in | app=c:\program files\common files\aol\1230008188\ee\aoldesktop.exe |
"TCP Query User{F780A911-161D-4095-BE47-201332E98349}C:\program files\limewire\ieembed.exe" = protocol=6 | dir=in | app=c:\program files\limewire\ieembed.exe |
"UDP Query User{03809ED8-0373-4965-9C12-9E9A3B92C2F3}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{22811F11-D608-49F0-BB8B-8D47F28EF3F2}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{3C7B1369-BC04-417C-B8FF-CA434F88421D}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4DDA4B1B-319D-4E1B-A176-5581404B95B7}C:\program files\common files\aol\1230008188\ee\aoldesktop.exe" = protocol=17 | dir=in | app=c:\program files\common files\aol\1230008188\ee\aoldesktop.exe |
"UDP Query User{8E846E6A-52B8-45ED-BD66-60EE112AA498}C:\program files\limewire\ieembed.exe" = protocol=17 | dir=in | app=c:\program files\limewire\ieembed.exe |
"UDP Query User{C5D97AB8-96BE-4D4D-A6A1-7136D82EE8F2}C:\program files\limewire\ieembed.exe" = protocol=17 | dir=in | app=c:\program files\limewire\ieembed.exe |
"UDP Query User{CDD493A1-8815-41EA-8325-9FB445965694}C:\program files\lexmark 2500 series\lxddamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"UDP Query User{EE1BBB7E-8BCC-4E7F-8548-7FA42154A732}C:\program files\lexmark 2500 series\lxddamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"UDP Query User{EECEA942-9FCE-4E25-8523-C876A03419AA}C:\program files\myspace\im\myspaceim.exe" = protocol=17 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C6999B2-1A35-4F2C-8DB7-3CB46B640CC9}" = ConsumerUpdate
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{99C5770C-1C90-42E7-9B74-D47CFAF14621}" = muvee autoProducer 5.0
"{A09B2DA7-8004-4252-B52C-92FFEA2C5DBD}" = Desktop Smiley Toolbar
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD040AAA-F295-492B-AD91-C8DC24488273}" = Photo Explosion Special Edition
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E7875036-3CFC-4F0F-A470-8EADFFE43F6C}" = Hallmark Card Studio Express
"{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}" = HP User Guide 0048
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar for Firefox" = AOL Toolbar for Firefox
"AVIConverter" = AVIConverter CHN-EN Package
"CNXT_HDAUDIO" = Conexant HD Audio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Desktop Smiley Toolbar" = Desktop Smiley Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"FrostWire" = FrostWire 4.17.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"Lexmark 2500 Series" = Lexmark 2500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"PROSet" = Intel® Network Connections Drivers
"SprintMusicManagerA" = Sprint music manager
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hplaptop Master Uninstall" = My HP Games
"Yahoo! Applications" = AT&T Yahoo! Applications

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/21/2009 4:37:32 AM | Computer Name = ARP-PC | Source = Google Update | ID = 20
Description =

Error - 6/22/2009 11:30:11 PM | Computer Name = ARP-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18702 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1618 Start Time: 01c9f3b28018d890 Termination Time: 0

Error - 6/23/2009 10:34:37 AM | Computer Name = ARP-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, time
stamp 0x483b99af, faulting module TQUERY.DLL, version 7.0.6001.16503, time stamp
0x483b9a35, exception code 0xc0000005, fault offset 0x0011ab8b, process id 0xa90,
application start time 0x01c9f24a8607315a.

Error - 7/4/2009 9:54:14 PM | Computer Name = ARP-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18702 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 660 Start Time: 01c9fcc79d9b1e50 Termination Time: 3541

Error - 7/4/2009 10:07:03 PM | Computer Name = ARP-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18702 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1738 Start Time: 01c9fd138b356cb0 Termination Time: 0

Error - 7/4/2009 10:09:09 PM | Computer Name = ARP-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18702 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1ecc Start Time: 01c9fd1548e83d90 Termination Time: 31

Error - 7/5/2009 11:37:51 PM | Computer Name = ARP-PC | Source = Application Error | ID = 1000
Description = Faulting application HpqSRmon.exe, version 11.0.0.142, time stamp
0x47d78822, faulting module HpqSRmon.exe, version 11.0.0.142, time stamp 0x47d78822,
exception code 0xc0000005, fault offset 0x000033c5, process id 0x788, application
start time 0x01c9fdeb01f52a4e.

Error - 7/8/2009 2:41:27 PM | Computer Name = ARP-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/9/2009 11:30:03 AM | Computer Name = ARP-PC | Source = Application Error | ID = 1000
Description = Faulting application SYSTRAY.EXE, version 4.10.0.2224, time stamp
0x38768cab, faulting module BatMeter.dll!CreateBatMeter, version 6.0.6001.18000,
time stamp 0x4791a7a6, exception code 0xc0000139, fault offset 0x00009cac, process
id 0x14ec, application start time 0x01ca00aa1c54c457.

Error - 7/9/2009 11:37:29 AM | Computer Name = ARP-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ OSession Events ]
Error - 8/2/2008 3:06:58 AM | Computer Name = ARP-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1475
seconds with 1380 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/30/2008 11:58:55 PM | Computer Name = ARP-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 7/31/2008 12:02:30 AM | Computer Name = ARP-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 8/1/2008 1:47:27 AM | Computer Name = ARP-PC | Source = DCOM | ID = 10010
Description =

Error - 8/1/2008 1:49:56 AM | Computer Name = ARP-PC | Source = HTTP | ID = 15016
Description =

Error - 8/1/2008 1:51:28 AM | Computer Name = ARP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/1/2008 1:51:28 AM | Computer Name = ARP-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/1/2008 1:51:28 AM | Computer Name = ARP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/1/2008 3:05:50 AM | Computer Name = ARP-PC | Source = Print | ID = 6161
Description = The document Axiaapp_Ancillary.pdf, owned by ARP, failed to print
on printer Lexmark 2500 Series. Try to print the document again, or restart the
print spooler. Data type: LEMF. Size of the spool file in bytes: 1178706. Number
of bytes printed: 0. Total number of pages in the document: 2. Number of pages
printed: 1. Client computer: \\ARP-PC. Win32 error code returned by the print processor:
0. The operation completed successfully.

Error - 8/1/2008 3:07:19 AM | Computer Name = ARP-PC | Source = Print | ID = 6161
Description = The document Axiaapp_Ancillary.pdf, owned by ARP, failed to print
on printer Lexmark 2500 Series. Try to print the document again, or restart the
print spooler. Data type: LEMF. Size of the spool file in bytes: 1178706. Number
of bytes printed: 0. Total number of pages in the document: 2. Number of pages
printed: 1. Client computer: \\ARP-PC. Win32 error code returned by the print processor:
0. The operation completed successfully.

Error - 8/1/2008 3:15:23 AM | Computer Name = ARP-PC | Source = Service Control Manager | ID = 7031
Description =


< End of report >


Any help would be great! My computer is running slow. as I type this it's taking a couple of seconds between characters.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP