Malware Defense



#1
Jon_Skelington

It appears that Malware Defense has installed itself onto my computer.

*edit* It is also adding pornography onto the desktop and slowing down the computer a great deal. I need this fixed for my family and my job. (Sorry if editing this bumped it.)

I run Windows Vista Home Premium.

I downloaded Gmer and Malwarebytes but they won't run. I tried renaming mbam-setup but still no luck.

Thankfully OTL worked, here's the OTL-file:



OTL logfile created on: 12/31/2009 3:19:43 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Jonathan\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.56 Gb Total Space | 121.31 Gb Free Space | 42.18% Space Free | Partition Type: NTFS
Drive D: | 10.53 Gb Total Space | 1.41 Gb Free Space | 13.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONATHAN-PC
Current User Name: Jonathan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/31 15:17:20 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Downloads\OTL.exe
PRC - [2009/12/30 20:17:11 | 00,560,128 | ---- | M] (Microsoft Corporation) -- C:\Users\Jonathan\AppData\Local\Temp\wscsvc32.exe
PRC - [2009/12/30 20:17:10 | 00,716,800 | ---- | M] (Microsoft Corporation) -- C:\Users\Jonathan\AppData\Local\Temp\settdebugx.exe
PRC - [2009/11/12 21:38:54 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/09/30 13:22:48 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/05/22 15:48:21 | 00,144,384 | -H-- | M] () -- C:\Users\Jonathan\AppData\Roaming\Microsoft\sssvchost.exe
PRC - [2009/04/26 14:54:31 | 00,302,080 | RHS- | M] (Microsoft Corporation) -- C:\Windows\winup.exe
PRC - [2009/04/25 17:37:53 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/19 20:16:19 | 00,285,696 | -H-- | M] () -- C:\Users\Jonathan\AppData\Roaming\Microsoft\mconfig.exe
PRC - [2009/04/14 20:42:04 | 00,227,840 | ---- | M] () -- C:\Users\Jonathan\AppData\Roaming\Microsoft\iexplorer.exe
PRC - [2009/04/09 11:10:17 | 00,302,080 | RHS- | M] () -- C:\Windows\test.exe
PRC - [2009/03/18 17:50:30 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/01/29 17:11:32 | 00,052,392 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/01/06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/29 01:29:41 | 00,208,896 | RHS- | M] () -- C:\Windows\System32\updater.exe
PRC - [2008/08/14 16:15:46 | 02,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 16:11:48 | 00,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 16:11:14 | 00,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 07:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 07:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/17 07:21:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/03/17 20:07:02 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/03/14 20:31:38 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/01/22 12:35:52 | 00,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/01/20 21:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 21:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/20 21:23:50 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/01/20 21:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/09/13 20:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/08/02 15:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/04/18 10:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/07 04:56:47 | 00,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
PRC - [2006/11/02 07:35:35 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2005/10/27 17:00:22 | 00,299,008 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe


========== Modules (SafeList) ==========

MOD - [2009/12/31 15:17:20 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Downloads\OTL.exe
MOD - [2008/07/26 07:25:24 | 00,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll
MOD - [2008/01/20 21:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/09 13:14:09 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/25 17:37:14 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c5f66628c380) Google Update Service (gupdate1c9c5f66628c380)
SRV - [2009/03/24 18:51:20 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/16 19:39:00 | 02,800,669 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/09/02 01:37:42 | 00,262,144 | ---- | M] (KALiNKOsoft) [Auto | Stopped] -- C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2008/07/26 07:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 07:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/04/17 07:21:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/03/17 20:07:02 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/03/14 20:31:38 | 00,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/01/22 12:35:52 | 00,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/04 19:41:34 | 00,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/08/24 05:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/08/02 15:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/01 07:37:42 | 00,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.93
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.8.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/25 17:38:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/22 08:38:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/30 22:10:00 | 00,000,000 | ---D | M]

[2009/12/30 20:29:48 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Extensions
[2009/12/30 20:29:48 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/12/31 14:34:46 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\qe0dxqsc.default\extensions
[2009/11/28 17:05:22 | 00,000,000 | ---D | M] () -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\qe0dxqsc.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2009/09/17 12:40:41 | 00,000,000 | ---D | M] (FoxTab) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\qe0dxqsc.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/10/20 21:12:16 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\qe0dxqsc.default\extensions\[email protected]
[2009/12/22 20:44:38 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\qe0dxqsc.default\extensions\[email protected]
[2009/04/03 15:08:13 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\qe0dxqsc.default\extensions\[email protected]
[2009/06/30 21:43:11 | 00,007,976 | ---- | M] () -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\qe0dxqsc.default\searchplugins\oneriot-social-web-search.xml
[2009/12/31 14:34:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008/07/08 16:07:06 | 00,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
[2009/07/02 23:34:44 | 00,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/09/15 13:19:59 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: (335264 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 11490 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Nod32 Service] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [test] C:\Windows\test.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe File not found
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Windows] C:\Windows\System32\Windows\system.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows UDP] C:\Windows\winup.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Updater] updater.exe ()
O4 - HKLM..\Run: [winlogon] C:\Windows\System32\System32\System File.exe File not found
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [iexplorer.exe] C:\Users\Jonathan\AppData\Roaming\Microsoft\iexplorer.exe ()
O4 - HKCU..\Run: [Malware Defense] C:\Program Files\Malware Defense\mdefense.exe File not found
O4 - HKCU..\Run: [mconfig] C:\Users\Jonathan\AppData\Roaming\Microsoft\mconfig.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [settdebugx.exe] C:\Users\Jonathan\AppData\Local\Temp\settdebugx.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKCU..\Run: [sssvchost.exe] C:\Users\Jonathan\AppData\Roaming\Microsoft\sssvchost.exe ()
O4 - HKCU..\Run: [system] C:\Windows\System32\Windows\system.exe File not found
O4 - HKCU..\Run: [winlogon] C:\Windows\System32\System32\System File.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunServices: [Nod32 Service] File not found
O4 - HKLM..\RunServices: [Windows Updater] updater.exe ()
O4 - Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = C:\Users\Jonathan\AppData\Local\Temp\{B0FA4304-FA6A-4098-BAF0-37698B62EBD6}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://dist.globalga...ffyLauncher.cab (NeffyLauncherCtl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/25 22:01:32 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{35b1d64a-eae5-11dd-b3ec-0022153e68df}\Shell\AutoRun\command - "" = L:\driver\usb\–‡‘Š•†‘€ŒŽ
O33 - MountPoints2\{35b1d64a-eae5-11dd-b3ec-0022153e68df}\Shell\open\command - "" = L:\driver\usb\–‡‘Š•†‘€ŒŽ
O33 - MountPoints2\{f137aac6-fce8-11dd-8741-0022153e68df}\Shell\AutoRun\command - "" = J:\driver\usb\–‡‘Š•†‘€ŒŽ
O33 - MountPoints2\{f137aac6-fce8-11dd-8741-0022153e68df}\Shell\open\command - "" = J:\driver\usb\–‡‘Š•†‘€ŒŽ
O33 - MountPoints2\{ffe079e1-0ef9-11de-a08c-0022153e68df}\Shell - "" = AutoRun
O33 - MountPoints2\{ffe079e1-0ef9-11de-a08c-0022153e68df}\Shell\AutoRun\command - "" = K:\setup.exe -- File not found
O33 - MountPoints2\{ffe079e1-0ef9-11de-a08c-0022153e68df}\Shell\directx\command - "" = K:\DirectX\dxsetup.exe -- File not found
O33 - MountPoints2\{ffe079e1-0ef9-11de-a08c-0022153e68df}\Shell\setup\command - "" = K:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/31 14:25:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malware Defense
[2009/12/31 14:15:46 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/31 14:15:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/31 14:15:43 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/31 13:31:18 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/30 23:12:29 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/30 21:46:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/27 16:06:13 | 00,000,000 | ---D | C] -- C:\Program Files\Creative Labs
[2009/12/23 22:05:04 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009/12/23 22:05:04 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2009/12/23 22:00:22 | 00,000,000 | ---D | C] -- C:\Program Files\Zombie Driver
[2009/12/21 18:53:36 | 00,000,000 | ---D | C] -- C:\Program Files\Softnyx
[2009/12/20 22:15:36 | 00,000,000 | ---D | C] -- C:\Program Files\Runic Games
[2009/12/20 22:15:36 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
[2009/12/20 18:09:40 | 00,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2009/12/19 12:58:00 | 00,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Local\Stardock
[2009/12/18 10:50:45 | 00,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\Electronic Arts
[2009/12/18 10:46:39 | 00,000,000 | ---D | C] -- C:\Windows\System32\directx
[2009/12/17 23:43:10 | 00,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Local\RoEPowerTools
[2009/12/17 23:36:57 | 00,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\RoEPowerTools Saved Files
[2009/12/17 23:36:57 | 00,000,000 | ---D | C] -- C:\Program Files\RealmOfEmpires.com
[2009/01/23 21:26:44 | 01,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll

========== Files - Modified Within 14 Days ==========

[2009/12/31 15:21:08 | 08,126,464 | ---- | M] () -- C:\Users\Jonathan\ntuser.dat
[2009/12/31 14:59:04 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/31 14:15:48 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\booyah.lnk
[2009/12/31 13:55:57 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/12/31 13:53:59 | 00,000,160 | ---- | M] () -- C:\Windows\System32\srcr.dat
[2009/12/31 13:53:57 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/31 13:53:41 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/31 13:53:41 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/31 13:53:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/31 13:53:29 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/31 13:52:12 | 00,524,288 | -HS- | M] () -- C:\Users\Jonathan\ntuser.dat{e8bd65d0-f5b7-11de-995f-0022153e68df}.TMContainer00000000000000000001.regtrans-ms
[2009/12/31 13:52:12 | 00,065,536 | -HS- | M] () -- C:\Users\Jonathan\ntuser.dat{e8bd65d0-f5b7-11de-995f-0022153e68df}.TM.blf
[2009/12/31 13:51:48 | 02,589,201 | -H-- | M] () -- C:\Users\Jonathan\AppData\Local\IconCache.db
[2009/12/31 13:49:48 | 00,663,578 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/31 13:49:48 | 00,571,822 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/31 13:49:48 | 00,098,234 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/31 13:31:18 | 00,000,735 | ---- | M] () -- C:\Users\Jonathan\Desktop\NTREGOPT.lnk
[2009/12/31 13:31:18 | 00,000,716 | ---- | M] () -- C:\Users\Jonathan\Desktop\ERUNT.lnk
[2009/12/31 07:48:43 | 00,119,296 | ---- | M] () -- C:\Windows\System32\zlib.dll
[2009/12/30 22:12:51 | 00,001,356 | ---- | M] () -- C:\Users\Jonathan\AppData\Local\d3d9caps.dat
[2009/12/30 21:56:10 | 00,524,288 | -HS- | M] () -- C:\Users\Jonathan\ntuser.dat{e8bd65d0-f5b7-11de-995f-0022153e68df}.TMContainer00000000000000000002.regtrans-ms
[2009/12/30 21:32:31 | 00,524,288 | -HS- | M] () -- C:\Users\Jonathan\NTUSER.DAT{a695d0ef-0046-11de-a4e7-0022153e68df}.TMContainer00000000000000000001.regtrans-ms
[2009/12/30 21:32:31 | 00,065,536 | -HS- | M] () -- C:\Users\Jonathan\NTUSER.DAT{a695d0ef-0046-11de-a4e7-0022153e68df}.TM.blf
[2009/12/30 21:04:32 | 00,000,670 | ---- | M] () -- C:\Windows\System32\krl32mainweq.dll
[2009/12/30 20:15:55 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/30 14:02:30 | 00,000,340 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/12/27 16:11:09 | 00,000,000 | -HS- | M] () -- C:\Windows\nvDrv.sy
[2009/12/24 10:07:09 | 00,010,088 | ---- | M] () -- C:\Users\Jonathan\Documents\RoE Log.docx
[2009/12/21 19:17:28 | 00,060,928 | ---- | M] () -- C:\Windows\System32\rakion.sys
[2009/12/19 18:53:08 | 00,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJonathan.job
[2009/12/18 10:48:39 | 00,001,077 | ---- | M] () -- C:\Users\Jonathan\Desktop\Dead Space.lnk
[2009/12/17 18:09:03 | 00,011,490 | ---- | M] () -- C:\Users\Jonathan\Desktop\Lesson 15.docx

========== Files Created - No Company Name ==========

[2009/12/31 15:16:53 | 00,293,376 | ---- | C] () -- C:\Users\Jonathan\Desktop\gmer.exe
[2009/12/31 14:15:48 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\booyah.lnk
[2009/12/31 13:31:18 | 00,000,735 | ---- | C] () -- C:\Users\Jonathan\Desktop\NTREGOPT.lnk
[2009/12/31 13:31:18 | 00,000,716 | ---- | C] () -- C:\Users\Jonathan\Desktop\ERUNT.lnk
[2009/12/30 21:56:10 | 00,524,288 | -HS- | C] () -- C:\Users\Jonathan\ntuser.dat{e8bd65d0-f5b7-11de-995f-0022153e68df}.TMContainer00000000000000000002.regtrans-ms
[2009/12/30 21:56:10 | 00,524,288 | -HS- | C] () -- C:\Users\Jonathan\ntuser.dat{e8bd65d0-f5b7-11de-995f-0022153e68df}.TMContainer00000000000000000001.regtrans-ms
[2009/12/30 21:56:10 | 00,065,536 | -HS- | C] () -- C:\Users\Jonathan\ntuser.dat{e8bd65d0-f5b7-11de-995f-0022153e68df}.TM.blf
[2009/12/30 21:04:32 | 00,000,670 | ---- | C] () -- C:\Windows\System32\krl32mainweq.dll
[2009/12/30 20:19:07 | 00,000,160 | ---- | C] () -- C:\Windows\System32\srcr.dat
[2009/12/30 20:15:55 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/12/27 16:11:09 | 00,000,000 | -HS- | C] () -- C:\Windows\nvDrv.sy
[2009/12/24 10:07:08 | 00,010,088 | ---- | C] () -- C:\Users\Jonathan\Documents\RoE Log.docx
[2009/12/21 19:17:28 | 00,060,928 | ---- | C] () -- C:\Windows\System32\rakion.sys
[2009/12/18 10:48:39 | 00,001,077 | ---- | C] () -- C:\Users\Jonathan\Desktop\Dead Space.lnk
[2009/11/04 14:31:15 | 00,000,053 | ---- | C] () -- C:\Windows\APOapp.INI
[2009/09/30 13:22:16 | 00,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/09/06 11:54:09 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/09/03 10:56:12 | 00,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/08/03 00:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/04/14 13:17:32 | 00,041,808 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/04/02 20:02:57 | 00,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009/01/28 17:32:15 | 00,003,517 | ---- | C] () -- C:\Windows\mzf.ini
[2009/01/24 09:44:25 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/01/24 09:44:25 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/23 12:47:43 | 00,119,296 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2009/01/23 12:47:43 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2009/01/23 12:47:43 | 00,036,864 | ---- | C] () -- C:\Windows\System32\dxinputdll.dll
[2009/01/22 20:31:14 | 00,000,032 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2009/01/05 17:15:33 | 00,000,000 | ---- | C] () -- C:\Windows\UNIVMGR.INI
[2008/12/04 18:31:27 | 00,001,682 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008/12/04 18:31:27 | 00,000,088 | ---- | C] () -- C:\ProgramData\2045EBEA46.sys
[2008/11/19 16:26:43 | 00,006,924 | ---- | C] () -- C:\Users\Jonathan\AppData\Roaming\wklnhst.dat
[2008/10/02 21:42:58 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/09/07 21:42:12 | 00,016,896 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/07 21:14:07 | 00,014,385 | ---- | C] () -- C:\Windows\Tw561a.ini
[2008/09/07 21:14:07 | 00,000,081 | ---- | C] () -- C:\Windows\Setup8a.ini
[2008/09/04 21:06:33 | 00,001,356 | ---- | C] () -- C:\Users\Jonathan\AppData\Local\d3d9caps.dat
[2008/08/25 21:44:33 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/08/25 21:44:33 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/07/26 07:25:02 | 00,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/11/26 20:56:28 | 00,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/02/20 23:38:48 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Atari
[2009/08/14 09:05:14 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Bioshock
[2009/12/28 21:49:21 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\BitTorrent
[2008/09/19 08:16:06 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Blender Foundation
[2009/07/27 12:52:28 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Canon
[2009/01/17 20:01:36 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DAEMON Tools
[2009/01/17 20:02:19 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DAEMON Tools Lite
[2009/01/17 19:59:31 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DAEMON Tools Pro
[2009/01/27 15:40:32 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DeepBurner
[2009/12/31 15:14:36 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DNA
[2009/06/26 12:21:33 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DragonicaSCB
[2009/05/18 19:52:35 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Dreamlords
[2009/07/05 21:56:49 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\FOG Downloader
[2009/09/17 15:58:03 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\GetRightToGo
[2009/10/22 11:30:21 | 00,000,000 | -H-D | M] -- C:\Users\Jonathan\AppData\Roaming\ijjigame
[2009/01/23 13:17:17 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\KALiNKOsoft
[2009/02/20 23:45:17 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Leadertech
[2009/09/15 16:27:29 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\NeopleLauncherDFO
[2009/03/28 10:58:42 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Nexon
[2009/01/23 11:10:35 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\NPLUTO Corporation
[2009/03/31 20:25:22 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\SecondLife
[2009/06/23 09:25:37 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Snapfish
[2009/03/27 20:04:19 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\TalesRunner
[2008/11/19 16:26:45 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Template
[2009/04/26 11:58:53 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Three Rings Design
[2009/07/10 22:26:50 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\WildTangent
[2008/10/11 10:25:13 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\WinBatch
[2009/12/31 13:51:53 | 00,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/13 00:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 21:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/20 21:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRD32.SYS >
[2008/01/25 14:02:04 | 00,132,128 | ---- | M] (NVIDIA Corporation) MD5=0D15327134E5871C922760ACD7449E84 -- C:\Windows\System32\drivers\nvrd32.sys
[2008/01/25 14:02:04 | 00,132,128 | ---- | M] (NVIDIA Corporation) MD5=0D15327134E5871C922760ACD7449E84 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_e2a5b24c\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2008/01/25 14:02:04 | 00,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_e2a5b24c\nvstor32.sys
[2008/01/25 14:02:02 | 00,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\hp\drivers\nvidia_storage\nvstor32.sys
[2008/01/25 14:02:02 | 00,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\System32\drivers\nvstor32.sys
[2008/01/25 14:02:02 | 00,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_b55bb8a8\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/20 21:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 21:24:27 | 00,798,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\advapi32.dll
[2008/01/20 21:24:26 | 00,165,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dnsapi.dll
[2008/01/20 21:24:26 | 00,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/01/20 21:24:26 | 00,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/10/21 00:25:18 | 00,296,960 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\gdi32.dll
[2009/01/15 01:07:53 | 06,069,248 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ieframe.dll
[2009/01/15 01:07:53 | 00,270,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iertutil.dll
[2008/01/20 21:24:24 | 00,114,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\imm32.dll
[2008/01/20 21:24:13 | 00,888,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\kernel32.dll
[2008/01/20 21:24:14 | 00,023,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\lpk.dll
[2008/01/20 21:24:57 | 00,806,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msctf.dll
[2008/01/20 21:24:36 | 00,680,448 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvcrt.dll
[2006/11/02 03:33:06 | 00,002,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\normaliz.dll
[2008/01/20 21:24:47 | 00,008,192 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\nsi.dll
[2008/01/20 21:25:01 | 01,203,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntdll.dll
[2008/01/20 21:24:58 | 01,315,328 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ole32.dll
[2008/04/11 22:32:11 | 00,784,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rpcrt4.dll
[2008/01/20 21:24:42 | 00,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/20 21:24:15 | 00,072,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\secur32.dll
[2008/11/06 08:14:25 | 11,580,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\shell32.dll
[2008/01/20 21:24:37 | 00,351,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\shlwapi.dll
[2008/01/20 21:24:38 | 00,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008/01/20 21:24:21 | 00,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008/01/20 21:24:10 | 00,108,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\userenv.dll
[2008/01/20 21:24:14 | 00,501,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\usp10.dll
[2009/01/15 01:11:16 | 00,827,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\wininet.dll
[2008/01/20 21:24:48 | 00,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 124 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D06A4C76
< End of report >




Extras:

OTL Extras logfile created on: 12/31/2009 3:19:43 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Jonathan\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.56 Gb Total Space | 121.31 Gb Free Space | 42.18% Space Free | Partition Type: NTFS
Drive D: | 10.53 Gb Total Space | 1.41 Gb Free Space | 13.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONATHAN-PC
Current User Name: Jonathan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-829868698-4135420781-2601505890-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Gameforge4D\AirRivals\Launcher.atm" = C:\Program Files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2 -- File not found
"C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe" = C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"" = :*:Enabled:Nod32 Service
"C:\Users\Jonathan\AppData\Roaming\microsoft\it.exe" = C:\Users\Jonathan\AppData\Roaming\microsoft\it.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Users\Jonathan\AppData\Roaming\microsoft\downfdfdfload.exe" = C:\Users\Jonathan\AppData\Roaming\microsoft\downfdfdfload.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Users\Jonathan\AppData\Roaming\microsoft\dojbkwnfdfdfload.exe" = C:\Users\Jonathan\AppData\Roaming\microsoft\dojbkwnfdfdfload.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Windows\winup.exe" = C:\Windows\winup.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Users\Jonathan\AppData\Roaming\microsoft\download.exe" = C:\Users\Jonathan\AppData\Roaming\microsoft\download.exe:*:Enabled:Windows Messenger -- ()
"C:\Windows\winudpmgr.exe" = C:\Windows\winudpmgr.exe:*:Enabled:Windows Messenger -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007C946B-1D4B-4A85-8A57-5D8CF8FF785F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{0408201C-D25C-493C-B493-E4FE178D8AF2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0E9E099C-D19D-49AF-BF15-EF635A94B5F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0ED21D45-44E8-4302-A093-3DF5250D60BD}" = rport=445 | protocol=6 | dir=out | app=system |
"{10D8170D-C806-446F-B7AC-B39AAED8192B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C9A4852-6EDC-4834-8B9B-2DDDADF2C958}" = rport=137 | protocol=17 | dir=out | app=system |
"{1D6641D7-625D-49A6-BBF5-18B0B00D89FA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2143EF81-D52F-4558-BBA1-1C9D9DEBB29A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21824B47-0254-4541-87B9-79609A9AF7A0}" = lport=137 | protocol=17 | dir=in | app=system |
"{293A0032-066A-4A68-BB03-750DA0942B15}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3302C984-500D-4492-A477-92F141EDC473}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{395C2CDB-22D7-481D-B5D8-189052319025}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3DB1E59E-3710-4E34-ACDF-FB9F0ED2CBF2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E4A3C2A-7F7C-4A28-A3F3-721CD5AC1EBF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42280278-AC12-4D16-B96E-FEA50F01CB6C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4ECF6FB7-7E61-413E-A67A-2ED40E2AB171}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4F321B9C-406F-442D-BBD6-7C3621638772}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{53C45C15-D405-4C56-B604-5926CD16EF39}" = lport=445 | protocol=6 | dir=in | app=system |
"{5BEF6DDD-8414-48F7-AA1D-FB84D0753971}" = rport=10244 | protocol=6 | dir=out | app=system |
"{5FDD649B-DF9D-4B0B-8B23-02F70037FD84}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{651154CD-0660-426C-8AD6-31AEDEC4910F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66EE2AC2-2601-46CD-A475-1429279D3681}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6BBDF093-168C-46B4-9706-4440A0FA9BCF}" = rport=10244 | protocol=6 | dir=out | app=system |
"{6D0038C9-40AD-45A4-9188-849CE2AC1D41}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6EC0B441-6004-4707-A2E9-88111BDE62E5}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{792D353D-E2F1-48DF-8EB4-C0AFB3866CB1}" = lport=3390 | protocol=6 | dir=in | app=system |
"{7DCFC93E-7382-4396-8BBF-1DBE30D22330}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7DD638B1-E442-4819-8E93-886BA6C8B830}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7F2D581F-784E-4662-AEF5-E64E90BDC343}" = lport=10244 | protocol=6 | dir=in | app=system |
"{7F97500D-AB84-43ED-94B9-193850683FB1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8278C7EA-46FC-42EB-86D2-5AB1BB7D0309}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{8372ECE9-1FBF-48C8-8BBA-E62F009598EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{842B9C0E-6D8C-4F5E-9B0B-4F886C1DF133}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88685450-BF2D-4829-903D-57ABE29A0E4A}" = rport=139 | protocol=6 | dir=out | app=system |
"{8BE14444-5489-4620-92BC-886A8B4F1A0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8F9E5B34-BC49-4821-978F-B908091A3880}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{904A5F05-9A0F-4C1A-894C-3CD45B55A1F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{921330CA-89F1-4FEA-8600-8E6326A38BFB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{93F6D2F3-6DAB-4F59-8724-4B929101E0FC}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{975D24DA-F033-42B2-B971-3C484DAD69D3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9B5106B6-F00F-4343-BDE4-73AE65A28FDE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9C92FB95-9A18-4303-AE01-35564D9D229F}" = lport=3390 | protocol=6 | dir=in | app=system |
"{A0AD81C2-E9CB-4F0D-8C74-3DA890B56ED9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A3F55493-9CDE-4CE0-B53F-E7314217D6DA}" = rport=2869 | protocol=6 | dir=out | app=system |
"{AD190E17-290A-489B-A509-4B080566ECC7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0B34C47-DBAB-474A-B397-0BA88DC0AA17}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B5A17F6E-FF3E-445F-80A9-B067C0A857B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B8B3B532-6B99-4438-8FD9-1230E71B9D76}" = lport=138 | protocol=17 | dir=in | app=system |
"{C2B17748-6DC4-49FD-BE6A-62E1FF7C6575}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C75D6246-CC1E-432F-8067-6803280A32AE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C9F0A18D-5A94-4616-867A-04E05B359E3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB434679-4EFC-4205-B214-B5E2EC88C9D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D08FA9C1-C8F9-4124-A8A5-B2B62BD259E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4C2AD7F-CB35-49FD-A808-98451940C19F}" = lport=139 | protocol=6 | dir=in | app=system |
"{E30EA7D3-075B-4006-955C-3B8B8E9F26A2}" = rport=138 | protocol=17 | dir=out | app=system |
"{E8444CB5-5E3E-4D66-9436-BFC25ABB2220}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F155C265-DF05-49EA-931D-976207524011}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F279348A-925D-4321-B0EE-1551B43FDB20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2A390CF-F775-4382-9F11-09089DA4F3EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3436FD5-CCD0-4A6A-A695-11723F756C0D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FCAD2F60-CBAC-4966-841F-9BB1CA4005C7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FDC083D2-15E8-4364-B1D2-A966CA72FF67}" = lport=10244 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B4AACB-FEBA-43ED-9980-54E63D956638}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{09796CA3-E189-416E-A7D9-EF9CF7A3971B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0B096C87-47A6-43AE-855E-2A5A31E5BA2A}" = protocol=17 | dir=in | app=c:\program files\microsoft games\dungeon siege ii demo\dungeonsiege2.exe |
"{0B6EC734-07F6-45F8-B2BA-7B81D24F3A4F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{10859B5A-358E-4B3A-90E3-A9E4E10B7742}" = protocol=17 | dir=in | app=c:\program files\microsoft games\dungeon siege 2\dungeonsiege2.exe |
"{1368401F-B93F-436B-BDD9-5D317FB96B9C}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{146DDE74-9612-43D4-BD48-ED8AD1947402}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{15C6631C-908D-43B3-8287-33991AD7AF69}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1629BFDB-5734-4877-955E-487C28F61C40}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{174543E7-AD7D-484D-8774-F32DE8AEA63B}" = protocol=1 | dir=out | [email protected],-28544 |
"{197AF863-05F5-43FC-95A3-3CA46AA19366}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{1DB54AB2-A856-496C-BE7D-A990963AE372}" = protocol=58 | dir=out | [email protected],-28546 |
"{231D1191-71C4-423F-8998-ABA8F010DA11}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{2C37A4DB-8B92-4555-BC9F-85D52CCAB4D3}" = protocol=6 | dir=in | app=c:\program files\outspark\project powder\run.exe |
"{2E1F9312-5A7E-4622-9943-CC0355646BD2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E50CEF7-A01C-4BF8-933A-75A41B3BADED}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3323A270-3924-411A-A1E9-47246EF00833}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{344F9B58-3065-4290-99A2-71BB3E10F36F}" = protocol=58 | dir=in | [email protected],-28545 |
"{346A9BF9-C46C-48B5-9F9F-0F170B1E600C}" = protocol=17 | dir=in | app=c:\users\jonathan\appdata\local\temp\purplebean.exe |
"{34B6667F-A60D-4754-99E1-2CC1929416E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{36ECE0D0-A6A5-4AE6-99D9-7FC615BB9CF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A4917CA-29BA-4929-9FF1-BF59115DFAF4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4438B4B0-C9AE-485E-AC14-C91394080292}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{444D859B-DD12-4BE5-B0AE-FE6CDF3E6B36}" = protocol=6 | dir=in | app=c:\users\jonathan\appdata\local\temp\purplebean.exe |
"{4E409750-7D7F-4DE4-8998-732516CE6DA7}" = protocol=17 | dir=in | app=c:\program files\outspark\project powder\run.exe |
"{574BBA38-F309-47A1-9556-B84E3287BE31}" = protocol=17 | dir=in | app=c:\program files\outspark\project powder\run.exe |
"{62F2DA86-CA2A-4208-9017-B938727ADA55}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{67CCA99C-0070-443E-A866-A680BEB87BA9}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{68577C2A-6797-4C2F-9DAC-9F0D1BBA6C88}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{6A6402E0-45E7-49A2-B32B-EF44D9D47A61}" = protocol=6 | dir=out | app=system |
"{6FB41C04-8A2B-4D90-99F3-97842274325C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{71E65215-D8D5-4591-BFEA-236DA41C8A16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{784C5AF2-372D-45C9-9B82-F1A7C92D465A}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{7879074A-3DD6-43BB-99B2-28D473929FCF}" = protocol=6 | dir=in | app=c:\program files\microsoft games\dungeon siege ii demo\dungeonsiege2.exe |
"{78D4522F-8E86-4E3B-8C23-D38BBCCAD20C}" = protocol=6 | dir=in | app=c:\program files\microsoft games\dungeon siege 2\dungeonsiege2.exe |
"{796BA7DF-C18E-4A32-992C-395576830AA3}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{7DD1ED1D-305B-40FC-8577-386B63F58F8C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7ED8E676-63C3-4032-8FF7-716D42B16AA8}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{820F47AD-AD5F-4379-AEA4-6CAA66DC5496}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{83D2FD5D-70FA-4AE0-907D-B76A2CA3A89F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{83ED58A3-E0A9-485B-813F-3E9CE201B33B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{87F79538-7F0A-4037-8E9A-58C6415B4166}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{89F1B06E-C101-4E1A-9C00-4ED054D248E0}" = protocol=1 | dir=in | [email protected],-28543 |
"{8A2A5415-AA21-494E-BD50-4E9F6CBA001E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{8E094C7F-CB26-4F61-BCC4-D40B545D7A72}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{904B7D59-6DF9-4A1B-8A68-5003D8665D2A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{954D1AFD-4FAC-4EBF-A54B-A4FBD3F13AA1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{96BFB642-0286-4996-BD46-4E5C5205D428}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{9754745D-C844-422E-8899-439EF978EA1E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{97D42198-BECF-475A-96B6-829908BE9983}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9AC343E6-6D0C-469F-A702-E3FB2C82B5C4}" = protocol=58 | dir=in | [email protected],-148 |
"{9D8F1D05-1BE5-437C-AC68-F35BD8C61E02}" = protocol=6 | dir=in | app=c:\users\jonathan\appdata\local\temp\purplebean.exe |
"{A2C002E9-EA4C-4148-B2B7-7C39C51D1C04}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A34E7E1F-55B8-404B-84E2-B7B3172F9E7A}" = dir=in | app=c:program filespando networksmedia boosterpmb.exe |
"{AB81BA91-3F07-4AB3-B335-92DB0D0CE80E}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{AFBB3CD2-B7C5-4D5E-B354-6FFD7739CB23}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinenetworkservice.exe |
"{B876530C-F14E-49F0-8571-966B19AB06D9}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{C088CC53-A48A-4B7E-928B-8290D31B2A6F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C3B48F6B-66B6-46B1-BF1F-D41B40B49EE3}" = protocol=6 | dir=in | app=c:\program files\outspark\project powder\run.exe |
"{C727CFDB-C2E4-409E-A753-919E69A1EA6D}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C7E5A2CA-ED32-49F9-A345-917C04A182C0}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{CD0FECEB-0207-4A06-A29E-3F3D3797F306}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{CD37DC0F-59AB-48C4-B0A0-C5A1DD8AFEA9}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{CE57A0AB-25AA-4E74-B30B-9A9297FB518B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D58BC6CA-D81D-450E-951A-1F8206F3D88E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8DCAB99-C396-47A5-AF7B-F243AA1E5C71}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{DB130106-0816-4A3E-9421-B6BF6C509302}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DC66432F-365B-4EA7-8799-C3E9EC05E018}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DD7987D3-A56F-4B19-87D4-552BB34EB025}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E288058D-E057-48AF-A17D-390237C4B443}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E369AD8B-68FF-43E2-8174-FBDDDE5A8D2C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{E58F777E-1DAD-4B9A-92C4-AF78619C5D48}" = protocol=17 | dir=in | app=c:\users\jonathan\appdata\local\temp\purplebean.exe |
"{E6BD514D-7E83-47A5-BEB2-0CD790624A2B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E9CEB825-CF5A-4BCB-89F6-CB52CCAF4AC2}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager\turbinemessageservice.exe |
"{ED0C4FD1-7AAA-4A35-809B-83734162E73E}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F074068C-A58C-4F7B-A64D-DED8F7BFC581}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F7C7C7AA-BA6E-4D1A-9752-24F5C664E4B1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFC59921-2235-438C-B547-E63FB48BD9B5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{0605EFC7-800E-4497-805E-13A1DFA15D21}C:\program files\ijji\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\ijji\ijji reactor\reactor.exe |
"TCP Query User{0A851F86-E7E8-4121-8C04-AE8B0EB58AC2}C:\users\jonathan\downloads\dead.space.multi-5.repack.skullptura\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\users\jonathan\downloads\dead.space.multi-5.repack.skullptura\dead space\dead space.exe |
"TCP Query User{13C6836B-AE20-41A4-8DC0-D0C8F4ECA92A}C:\program files\microsoft games\dungeon siege\dsloa.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\dungeon siege\dsloa.exe |
"TCP Query User{273A487C-18AA-4FCE-BB77-82260A52C3FA}C:\program files\joymax\darkeden\darkeden.exe" = protocol=6 | dir=in | app=c:\program files\joymax\darkeden\darkeden.exe |
"TCP Query User{2CA0E5FE-4812-4A27-91E3-49EF7AA4C685}C:\programdata\ijjigame\plauncher.exe" = protocol=6 | dir=in | app=c:\programdata\ijjigame\plauncher.exe |
"TCP Query User{30FE0162-509E-4C2D-8618-744101305878}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{3DDC9098-6BB4-4E53-9530-3686685122F4}C:\ijji\english\u_gbound.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gbound.exe |
"TCP Query User{49A44475-301F-4B7F-AB5F-8C8680684F31}C:\program files\taikodom\taikodom-game.exe" = protocol=6 | dir=in | app=c:\program files\taikodom\taikodom-game.exe |
"TCP Query User{4A640E78-C68D-4A2F-88E9-60612D191FAD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4FB9400C-34DF-4BFB-B57A-B0244E1C5B51}C:\users\jonathan\downloads\de_full-client_downloader.exe" = protocol=6 | dir=in | app=c:\users\jonathan\downloads\de_full-client_downloader.exe |
"TCP Query User{51ABD9B2-890F-402A-8E8D-41E485BD0C1A}C:\program files\driftcity\driftcity.exe" = protocol=6 | dir=in | app=c:\program files\driftcity\driftcity.exe |
"TCP Query User{68923429-92F2-44D3-9D88-18ECCE77ABAD}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{6A994293-2C00-458E-8F6C-3FEC2B8BB8A4}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{6BE8F969-3BD6-4BF3-83BE-960B1037A061}C:\windows\system32\updater.exe" = protocol=6 | dir=in | app=c:\windows\system32\updater.exe |
"TCP Query User{76D224AC-FE0E-48E8-AF6B-CA74EB8BC0E4}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{877E75C8-4482-48E4-A5A0-E74F579DEF72}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{8A69EE43-D4F0-4BBB-BEC7-766FF7EA8695}C:\ijji\english\u_gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gunz.exe |
"TCP Query User{8ADD20D4-03D3-4BF1-A77E-FAD268B37462}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{92922785-CE42-4E58-83CA-8CE9BBED050C}C:\ijji\english\u_skid.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_skid.exe |
"TCP Query User{98C6D23B-8B7D-40A6-AE12-886931A7F06B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{9DDC5B6B-F11D-4D52-BF69-730B687FB194}C:\users\jonathan\downloads\fogdl-bbo_en_setup_08.exe" = protocol=6 | dir=in | app=c:\users\jonathan\downloads\fogdl-bbo_en_setup_08.exe |
"TCP Query User{AAE4A3ED-BDCE-4403-BA8D-B4C748A05E16}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"TCP Query User{B346AB01-15ED-41BD-A9F0-6DF3B78108A3}C:\program files\firaxis games\civilization iii complete\conquests\civ3conquests.exe" = protocol=6 | dir=in | app=c:\program files\firaxis games\civilization iii complete\conquests\civ3conquests.exe |
"TCP Query User{B70ECC40-895F-4739-A654-48CFCB4FEE05}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{B8B310AB-D4DB-4E47-9CA4-7B7425126804}C:\program files\bots\bots.dat" = protocol=6 | dir=in | app=c:\program files\bots\bots.dat |
"TCP Query User{BC7FCE47-BE9C-4797-88F0-7E8EBE5E9B77}C:\program files\microsoft games\dungeon siege\dungeonsiege.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\dungeon siege\dungeonsiege.exe |
"TCP Query User{C855E4D1-02A5-41C0-A47C-38C4F61B20BA}C:\program files\dreamlords\dreamlords.exe" = protocol=6 | dir=in | app=c:\program files\dreamlords\dreamlords.exe |
"TCP Query User{C8E1CE6C-E604-4AF5-99EF-72904B7A1332}C:\program files\gpotato\talesrunner\trgame.exe" = protocol=6 | dir=in | app=c:\program files\gpotato\talesrunner\trgame.exe |
"TCP Query User{CA270603-3525-4FA6-8235-24E38EC6B85A}C:\windows\sr882388.exe" = protocol=6 | dir=in | app=c:\windows\sr882388.exe |
"TCP Query User{CFD3D626-BDF9-42AB-88CF-16A4AE862EFF}C:\program files\softnyx\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\program files\softnyx\rakionis\bin\rakion.bin |
"TCP Query User{E2557A10-DD81-4463-AF35-6C3E2639B5F1}C:\users\jonathan\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\jonathan\program files\dna\btdna.exe |
"TCP Query User{E739165E-C29C-4515-A86E-E59B9D94F1FC}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{EDCF0ED4-AD9F-402F-96CC-0DAC2C1FA94E}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{F0532771-AB24-42D0-84F7-8AF3876D2700}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{FB18360D-DA93-4356-8F8E-730DE4BBABB1}C:\windows\system32\updater.exe" = protocol=6 | dir=in | app=c:\windows\system32\updater.exe |
"TCP Query User{FD3A2F93-ADD7-4E4A-82AD-4446145746DB}C:\program files\persona\persona.exe" = protocol=6 | dir=in | app=c:\program files\persona\persona.exe |
"UDP Query User{02386B33-B9B2-410E-A60A-48484A395747}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{03699A9E-AFB3-40DF-BF28-2402B837CB6B}C:\program files\dreamlords\dreamlords.exe" = protocol=17 | dir=in | app=c:\program files\dreamlords\dreamlords.exe |
"UDP Query User{083ADF1D-CF57-4512-B8C2-ADC74C76F7CA}C:\ijji\english\u_gbound.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gbound.exe |
"UDP Query User{0EC2926F-7686-463F-AA73-1CEE94F9B02F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{15184115-A844-4276-8CF6-1C4C3E95999D}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{1622EACF-1242-4984-A663-E9EB0894B0F6}C:\program files\taikodom\taikodom-game.exe" = protocol=17 | dir=in | app=c:\program files\taikodom\taikodom-game.exe |
"UDP Query User{18214927-B15B-44CA-8C0D-6D9BB0E9E60C}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{22A5732B-5320-4BE6-9B94-0582A5A0067E}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{24DA59B8-2252-45D2-BC06-FF58BF0654C8}C:\program files\firaxis games\civilization iii complete\conquests\civ3conquests.exe" = protocol=17 | dir=in | app=c:\program files\firaxis games\civilization iii complete\conquests\civ3conquests.exe |
"UDP Query User{37E73A91-0B47-4828-B75A-0F78F1E3D96E}C:\windows\system32\updater.exe" = protocol=17 | dir=in | app=c:\windows\system32\updater.exe |
"UDP Query User{444ABE68-AC21-48B3-92BD-4B41951CA80C}C:\program files\microsoft games\dungeon siege\dungeonsiege.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\dungeon siege\dungeonsiege.exe |
"UDP Query User{46D239F1-A973-4571-9EA1-301278AD9C77}C:\users\jonathan\downloads\fogdl-bbo_en_setup_08.exe" = protocol=17 | dir=in | app=c:\users\jonathan\downloads\fogdl-bbo_en_setup_08.exe |
"UDP Query User{493471CB-40CE-42FA-ADD9-8D38E57F245F}C:\program files\driftcity\driftcity.exe" = protocol=17 | dir=in | app=c:\program files\driftcity\driftcity.exe |
"UDP Query User{4AEA9F9E-B292-4978-A45E-30979D576195}C:\program files\ijji\ijji reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\ijji\ijji reactor\reactor.exe |
"UDP Query User{4C7BB1F4-D03F-4C45-B75F-C76174B524C1}C:\program files\softnyx\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\program files\softnyx\rakionis\bin\rakion.bin |
"UDP Query User{4D607928-EF41-46E8-AEE5-D9F1000FA906}C:\users\jonathan\downloads\dead.space.multi-5.repack.skullptura\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\users\jonathan\downloads\dead.space.multi-5.repack.skullptura\dead space\dead space.exe |
"UDP Query User{52C59417-A438-4170-8F27-2524059F79FE}C:\program files\microsoft games\dungeon siege\dsloa.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\dungeon siege\dsloa.exe |
"UDP Query User{61139477-13F7-43C4-9E38-2C04FFB5AC32}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{66199DF6-6D9E-487C-9019-ED37FFACACD3}C:\program files\gpotato\talesrunner\trgame.exe" = protocol=17 | dir=in | app=c:\program files\gpotato\talesrunner\trgame.exe |
"UDP Query User{68D4CE6A-88BF-44EF-846D-C221E369203F}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{76C6A764-2ADB-4A44-B513-3528CBB2DC22}C:\windows\system32\updater.exe" = protocol=17 | dir=in | app=c:\windows\system32\updater.exe |
"UDP Query User{800C80D3-EA7C-47FC-8412-34373CEE4E13}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{85BC46A9-2F8A-4074-B8A8-2F14EABF702A}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{8801C294-03C3-44B1-9BEF-6D39E4172554}C:\windows\sr882388.exe" = protocol=17 | dir=in | app=c:\windows\sr882388.exe |
"UDP Query User{8B25B116-BD3D-42D0-AE0D-1BF5F00CFD7A}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{8F90996C-D91B-454F-BE50-65F32606E872}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{91528C59-9D10-4DDD-84B3-76E1DD70B82E}C:\users\jonathan\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\jonathan\program files\dna\btdna.exe |
"UDP Query User{92E5F763-5A2A-40F4-801B-5899465782E3}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"UDP Query User{933FF907-6147-4E5A-B7E2-05090386E28E}C:\users\jonathan\downloads\de_full-client_downloader.exe" = protocol=17 | dir=in | app=c:\users\jonathan\downloads\de_full-client_downloader.exe |
"UDP Query User{A05DAF13-13FA-41A6-8D29-5C0B4B80E847}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{A0A01C41-EAD4-47F9-A6E1-2944648F6385}C:\program files\persona\persona.exe" = protocol=17 | dir=in | app=c:\program files\persona\persona.exe |
"UDP Query User{C063CD9C-16F8-4C1B-A31C-C4419707D37B}C:\program files\bots\bots.dat" = protocol=17 | dir=in | app=c:\program files\bots\bots.dat |
"UDP Query User{C5B413D1-9A71-405F-812E-BD581A6DC257}C:\ijji\english\u_gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gunz.exe |
"UDP Query User{F1C0F9F0-09B7-47BC-87A7-92D7DBA93C81}C:\ijji\english\u_skid.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_skid.exe |
"UDP Query User{F337ECD6-EEF1-454A-96CE-4FDECC9C7172}C:\programdata\ijjigame\plauncher.exe" = protocol=17 | dir=in | app=c:\programdata\ijjigame\plauncher.exe |
"UDP Query User{F3CD9A25-0B47-45B8-9BFE-A95EFFD2C14B}C:\program files\joymax\darkeden\darkeden.exe" = protocol=17 | dir=in | app=c:\program files\joymax\darkeden\darkeden.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars: Knights of the Old Republic ™
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40963A3A-734C-48A6-9DF6-230A5E8B56ED}" = RoE Power Tools
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{5109FC1B-2250-4EDE-903A-1662B69F2001}" = Darkeden
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{59FA2A26-753A-4058-9BCE-75A561D38DAF}" = Atlantica Online
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5560986-7A6A-4CCA-A808-853D2CED3796}" = Outspark Sharp Launcher
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{E83816B1-57FC-4999-B9B6-A422AFFAD876}" = Project Powder
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F270470B-D4A7-4EE2-B010-390E104443A7}" = croNous
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = Philips PC Camera
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F82E9B29-EE4B-418F-9CA4-A70DA610553D}" = LightScribe Template Designs - Street Style Pack 1
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Blender" = Blender (remove only)
"Canon MP190 series User Registration" = Canon MP190 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CDisplay_is1" = CDisplay 1.8
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative WebCam Center" = Creative WebCam Center
"DFO" = DFOLauncher
"Dungeon Siege 2" = Dungeon Siege II
"Dungeon Siege Legends of Aranna 1.0" = Dungeon Siege Legends of Aranna
"DungeonSiege2" = Dungeon Siege 2
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EAX™ Unified (SHELL)" = EAX™ Unified (SHELL)
"ERUNT_is1" = ERUNT 1.1j
"Free Registry Defrag_is1" = Free Registry Defrag
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Hamachi" = Hamachi 1.0.3.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Magic ISO Maker v5.5 (build 0273)" = Magic ISO Maker v5.5 (build 0273)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"Numark Cue (Atomix Productions)" = Numark Cue (Atomix Productions)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenVPN" = OpenVPN 2.0.9
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Product_Name" = diPlugin
"PROR" = Microsoft Office Professional 2007
"Quarter Mile Math DEMO" = Quarter Mile Math DEMO
"RealPlayer 6.0" = RealPlayer
"RebirthRO01/10/2009/ FULL-CLIENT" = RebirthRO
"Shockwave" = Shockwave
"The Rosetta Stone" = The Rosetta Stone
"VirtualCloneDrive" = VirtualCloneDrive
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Zombie Driver" = Zombie Driver 1.0.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Batclient" = Batclient
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/31/2009 12:18:10 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.43.0.0, time stamp 0x4b3bba31,
faulting module mbam.exe, version 1.43.0.0, time stamp 0x4b3bba31, exception code
0x80000003, fault offset 0x00003114, process id 0xf74, application start time 0x01ca89d043361d92.

Error - 12/31/2009 12:18:35 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.43.0.0, time stamp 0x4b3bba31,
faulting module mbam.exe, version 1.43.0.0, time stamp 0x4b3bba31, exception code
0x80000003, fault offset 0x00003114, process id 0x17c4, application start time 0x01ca89d051eb5fd2.

Error - 12/31/2009 12:18:41 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.43.0.0, time stamp 0x4b3bba31,
faulting module mbam.exe, version 1.43.0.0, time stamp 0x4b3bba31, exception code
0x80000003, fault offset 0x00003114, process id 0x1424, application start time 0x01ca89d0559aac32.

Error - 12/31/2009 12:18:45 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.43.0.0, time stamp 0x4b3bba31,
faulting module mbam.exe, version 1.43.0.0, time stamp 0x4b3bba31, exception code
0x80000003, fault offset 0x00003114, process id 0xc24, application start time 0x01ca89d0580606e2.

Error - 12/31/2009 12:18:51 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.43.0.0, time stamp 0x4b3bba31,
faulting module mbam.exe, version 1.43.0.0, time stamp 0x4b3bba31, exception code
0x80000003, fault offset 0x00003114, process id 0x6d8, application start time 0x01ca89d05b89d672.

Error - 12/31/2009 8:48:36 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, time stamp
0x48af14ef, faulting module GoogleUpdate.exe, version 1.2.131.7, time stamp 0x48af14ef,
exception code 0x80000003, fault offset 0x00006eef, process id 0x7b8, application
start time 0x01ca8a1791901142.

Error - 12/31/2009 8:49:45 AM | Computer Name = Jonathan-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/31/2009 8:50:34 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, time stamp
0x48af14ef, faulting module GoogleUpdate.exe, version 1.2.131.7, time stamp 0x48af14ef,
exception code 0x80000003, fault offset 0x00006eef, process id 0xe00, application
start time 0x01ca8a17d7af933d.

Error - 12/31/2009 8:51:17 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
Description = Faulting application MSASCui.exe, version 1.1.1600.0, time stamp 0x47918de2,
faulting module MpClient.dll, version 1.1.1600.0, time stamp 0x4791a624, exception
code 0x80000003, fault offset 0x00013d22, process id 0x9fc, application start time
0x01ca8a17d99c4fdd.

Error - 12/31/2009 8:51:27 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
Description = Faulting application SpybotSD.exe, version 1.6.0.30, time stamp 0x2a425e19,
faulting module SpybotSD.exe, version 1.6.0.30, time stamp 0x2a425e19, exception
code 0x80000003, fault offset 0x002af3b8, process id 0xa98, application start time
0x01ca8a17db07f59d.

[ Media Center Events ]
Error - 7/17/2009 11:45:45 PM | Computer Name = Jonathan-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 7/17/2009 11:51:13 PM | Computer Name = Jonathan-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 7/18/2009 7:45:59 PM | Computer Name = Jonathan-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 10/12/2008 8:11:33 PM | Computer Name = Jonathan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 326970
seconds with 2280 seconds of active time. This session ended with a crash.

Error - 12/9/2009 1:15:40 PM | Computer Name = Jonathan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5391
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/31/2009 2:53:22 PM | Computer Name = Jonathan-PC | Source = netbt | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "00FF83F18C82" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 12/31/2009 2:53:22 PM | Computer Name = Jonathan-PC | Source = netbt | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "00FF83F18C82" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 12/31/2009 2:53:22 PM | Computer Name = Jonathan-PC | Source = netbt | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "0022153E68DF" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 12/31/2009 2:53:22 PM | Computer Name = Jonathan-PC | Source = netbt | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "0022153E68DF" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 12/31/2009 2:53:36 PM | Computer Name = Jonathan-PC | Source = HTTP | ID = 15016
Description =

Error - 12/31/2009 2:54:47 PM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 12/31/2009 2:54:47 PM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/31/2009 2:54:47 PM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/31/2009 2:54:47 PM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/31/2009 2:54:47 PM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

Thank You.

Edited by Jon_Skelington, 31 December 2009 - 07:02 PM.
