[banana80]

Help!

When I start my computer, I get this desktop alert:

"Could not load or run C:\users\anna\appdata\local\temp\dwm.exe specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry."

I also cannot connect to the internet while logged on to my user profile, but can connect using the Guest profile.

I have followed the instructions to remove malware before posting this topic, and I still have the same problem. I will post the log results below.

PLEASE HELP!!

Thank you,

Anna



Here is the Malwarebytes Anti-Malware log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4742

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

10/5/2010 12:49:14 PM
mbam-log-2010-10-05 (12-49-14).txt

Scan type: Quick scan
Objects scanned: 116432
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




***Here is the log from the virus scan from AVG:

Scan "Scan whole computer" completed.
Warnings;"24";"24";"0"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Tuesday, October 05, 2010, 12:56:48 PM"
Scan finished:;"Tuesday, October 05, 2010, 2:02:09 PM (1 hour(s) 5 minute(s) 21 second(s))"
Total object scanned:;"795740"
User who launched the scan:;"Guest"

Warnings
File;"Infection";"Result"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tribalfusion[1].txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tribalfusion[1].txt;"Found Tracking cookie.Tribalfusion";"Healed"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt:\trafficmp.com.f3e5803e;"Found Tracking cookie.Trafficmp";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt:\trafficmp.com.e2e71e33;"Found Tracking cookie.Trafficmp";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt:\trafficmp.com.ae53b8b;"Found Tracking cookie.Trafficmp";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt:\trafficmp.com.ad6d4010;"Found Tracking cookie.Trafficmp";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt:\trafficmp.com.a00e30b4;"Found Tracking cookie.Trafficmp";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt:\trafficmp.com.84c36c62;"Found Tracking cookie.Trafficmp";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt:\trafficmp.com.6b44e3b8;"Found Tracking cookie.Trafficmp";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt:\trafficmp.com.37644bdb;"Found Tracking cookie.Trafficmp";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt;"Found Tracking cookie.Trafficmp";"Healed"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt:\serving-sys.com.db46cecc;"Found Tracking cookie.Serving-sys";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt:\serving-sys.com.ac41fe5a;"Found Tracking cookie.Serving-sys";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt;"Found Tracking cookie.Serving-sys";"Healed"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt;"Found Tracking cookie.Serving-sys";"Healed"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atdmt[1].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atdmt[1].txt:\atdmt.com.7247c262;"Found Tracking cookie.Atdmt";"Deleted"
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atdmt[1].txt;"Found Tracking cookie.Atdmt";"Deleted"


After rebooting, still having same problems.

I did a GMER scan last night and it found nothing. When I tried to run one today, it opens the program but says it can't find the file specified??

Here are the OTL logs:

OTL logfile created on: 10/5/2010 5:45:40 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Guest\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.94 Gb Total Space | 166.02 Gb Free Space | 57.86% Space Free | Partition Type: NTFS
Drive D: | 11.14 Gb Total Space | 1.85 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNA-PC
Current User Name: Guest
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/05 17:44:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Guest\Desktop\OTL.exe
PRC - [2010/10/04 11:50:19 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2008/04/15 20:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 17:44:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Guest\Desktop\OTL.exe
MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/20 08:22:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found


O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: iphlpsvc - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/10/05 17:44:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Guest\Desktop\OTL.exe
[2010/10/05 17:37:01 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\HPAppData
[2010/10/05 12:43:12 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Malwarebytes
[2010/10/05 12:36:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/05 12:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/10/04 15:39:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/04 15:39:05 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/04 15:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/04 15:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/04 15:35:54 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/04 15:11:40 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Macromedia
[2010/10/04 15:11:39 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Adobe
[2010/10/04 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Apple Computer
[2010/10/04 15:10:55 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\QuickPlay
[2010/10/04 15:10:46 | 000,000,000 | R--D | C] -- C:\Users\Guest\Searches
[2010/10/04 15:10:35 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Identities
[2010/10/04 15:10:32 | 000,000,000 | R--D | C] -- C:\Users\Guest\Contacts
[2010/10/04 15:10:31 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\VirtualStore
[2010/10/04 15:10:26 | 000,000,000 | --SD | C] -- C:\Users\Guest\AppData\Roaming\Microsoft
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Videos
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Saved Games
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Pictures
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Music
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Links
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Favorites
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Downloads
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Documents
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Desktop
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\AppData\Local\Temporary Internet Files
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Templates
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Start Menu
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\SendTo
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Recent
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\PrintHood
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\NetHood
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Documents\My Videos
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Documents\My Pictures
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Documents\My Music
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\My Documents
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Local Settings
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\AppData\Local\History
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Cookies
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Application Data
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\AppData\Local\Application Data
[2010/10/04 15:10:26 | 000,000,000 | -H-D | C] -- C:\Users\Guest\AppData
[2010/10/04 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\Temp
[2010/10/04 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\Microsoft Help
[2010/10/04 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\Microsoft
[2010/10/04 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Media Center Programs
[2010/10/04 12:18:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/10/04 11:48:41 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/09/20 12:43:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2010/09/14 22:49:04 | 000,000,000 | ---D | C] -- C:\6cd436ebb13b20a96d0207c847
[2010/08/11 20:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Broderbund Software
[2010/08/11 19:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Publish
[2010/08/11 19:55:07 | 000,970,752 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf210.dll
[2010/08/11 18:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Broderbund
[2010/08/11 18:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Print Shop 22
[2010/08/11 18:54:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP

========== Files - Modified Within 90 Days ==========

[2010/10/05 17:45:57 | 000,786,432 | -HS- | M] () -- C:\Users\Guest\NTUSER.DAT
[2010/10/05 17:44:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Guest\Desktop\OTL.exe
[2010/10/05 17:42:39 | 000,293,376 | ---- | M] () -- C:\Users\Guest\Desktop\mtcl74d7.exe
[2010/10/05 17:40:04 | 000,284,915 | ---- | M] () -- C:\Users\Guest\Desktop\gmer.zip
[2010/10/05 17:36:23 | 000,000,222 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/10/05 17:30:54 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/05 17:30:54 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/05 17:30:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/05 17:30:39 | 4222,832,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 17:29:43 | 000,524,288 | -HS- | M] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/10/05 17:29:43 | 000,065,536 | -HS- | M] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/10/05 17:29:39 | 001,819,995 | -H-- | M] () -- C:\Users\Guest\AppData\Local\IconCache.db
[2010/10/05 12:34:01 | 000,000,763 | ---- | M] () -- C:\Users\Guest\Desktop\NTREGOPT.lnk
[2010/10/05 12:34:01 | 000,000,744 | ---- | M] () -- C:\Users\Guest\Desktop\ERUNT.lnk
[2010/10/05 05:48:01 | 065,638,003 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/04 15:48:20 | 000,524,288 | -HS- | M] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2010/10/04 15:39:09 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/04 15:11:25 | 000,000,973 | ---- | M] () -- C:\Users\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/04 15:10:54 | 000,419,496 | ---- | M] () -- C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/10/04 15:10:26 | 000,000,020 | -HS- | M] () -- C:\Users\Guest\ntuser.ini
[2010/10/04 11:49:20 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/10/04 11:48:41 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/10/04 11:48:39 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/10/04 11:45:38 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/20 12:43:27 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010/09/19 22:52:35 | 000,704,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/19 22:52:35 | 000,604,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/19 22:52:35 | 000,105,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/03 17:39:58 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/08/25 19:22:45 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/08/13 03:35:28 | 001,198,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/13 03:08:45 | 000,721,824 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/11 19:54:40 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\The Print Shop 22.lnk

========== Files Created - No Company Name ==========

[2010/10/05 17:42:31 | 000,293,376 | ---- | C] () -- C:\Users\Guest\Desktop\mtcl74d7.exe
[2010/10/05 17:40:02 | 000,284,915 | ---- | C] () -- C:\Users\Guest\Desktop\gmer.zip
[2010/10/05 12:34:01 | 000,000,763 | ---- | C] () -- C:\Users\Guest\Desktop\NTREGOPT.lnk
[2010/10/05 12:34:01 | 000,000,744 | ---- | C] () -- C:\Users\Guest\Desktop\ERUNT.lnk
[2010/10/04 15:39:09 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/04 15:11:25 | 000,000,973 | ---- | C] () -- C:\Users\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/04 15:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Guest\AppData\Local\QSwitch.txt
[2010/10/04 15:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Guest\AppData\Local\DSwitch.txt
[2010/10/04 15:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Guest\AppData\Local\AtStart.txt
[2010/10/04 15:10:26 | 000,786,432 | -HS- | C] () -- C:\Users\Guest\NTUSER.DAT
[2010/10/04 15:10:26 | 000,524,288 | -HS- | C] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2010/10/04 15:10:26 | 000,524,288 | -HS- | C] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/10/04 15:10:26 | 000,262,144 | -H-- | C] () -- C:\Users\Guest\ntuser.dat.LOG1
[2010/10/04 15:10:26 | 000,065,536 | -HS- | C] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/10/04 15:10:26 | 000,000,258 | ---- | C] () -- C:\Users\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/04 15:10:26 | 000,000,240 | ---- | C] () -- C:\Users\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/04 15:10:26 | 000,000,020 | -HS- | C] () -- C:\Users\Guest\ntuser.ini
[2010/10/04 15:10:26 | 000,000,000 | -H-- | C] () -- C:\Users\Guest\ntuser.dat.LOG2
[2010/10/04 14:06:08 | 4222,832,640 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/20 12:43:27 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010/09/03 17:39:58 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/08/25 19:22:44 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/08/11 19:54:40 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\The Print Shop 22.lnk
[2010/08/11 18:54:39 | 000,721,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/17 14:33:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/17 14:32:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/12 21:27:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/07/01 03:50:39 | 000,000,735 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========


========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/10/05 17:30:39 | 4222,832,640 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/16 13:20:51 | 000,000,368 | -H-- | M] () -- C:\IPH.PH
[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/10/05 17:30:38 | 241,451,007 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >
< End of report >


OTL Extras log:

OTL Extras logfile created on: 10/5/2010 5:45:40 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Guest\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.94 Gb Total Space | 166.02 Gb Free Space | 57.86% Space Free | Partition Type: NTFS
Drive D: | 11.14 Gb Total Space | 1.85 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNA-PC
Current User Name: Guest
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 92 69 1B 48 27 3C CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C1BB2C7-95DC-428E-8EAC-0893B06398D3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F08C99A-6724-4DFA-A233-2CD0CBC332BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{4AAC5F55-90A3-4F58-BBC4-6EBCE4AACE63}" = rport=139 | protocol=6 | dir=out | app=system |
"{52C228EC-0D49-4EB7-B500-FF196E11D12A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{643F49DA-5316-4F28-B9A4-820CD2A58525}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6638F3BE-2B29-4E87-BA06-11D8343B01B6}" = rport=138 | protocol=17 | dir=out | app=system |
"{723E1D59-7D54-4DEF-B1C1-C545AA800D73}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7B14D538-8A39-4466-A47D-F1BDD1AEC992}" = rport=10243 | protocol=6 | dir=out | app=system |
"{89721F09-364B-43BF-A425-32DAFAC5519B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1F8EF59-F810-454D-8E8D-227AEEBA52D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2FBA578-337E-4644-8795-49BF51EE9051}" = rport=445 | protocol=6 | dir=out | app=system |
"{A7F0CE42-DD08-409A-A0E7-9DBE3A34EB1B}" = lport=139 | protocol=6 | dir=in | app=system |
"{B31999B6-5E1B-41D0-8933-1793811CA5FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1CF467F-6F67-4BD8-8EB6-2DF519383645}" = rport=137 | protocol=17 | dir=out | app=system |
"{D5498965-BAD0-4B84-AC43-FFEF4694455B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D706E4AB-E487-4F15-AF5B-2D391DA9AB8B}" = lport=445 | protocol=6 | dir=in | app=system |
"{D8DB4DB2-56A4-450E-8899-81105FC0C45D}" = lport=138 | protocol=17 | dir=in | app=system |
"{ED4A7FAE-5B1D-457B-9BA2-8E0FA0BDA2BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{FBB48CDB-FCB4-4B74-8C12-6F35AEF0B993}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0315BEE0-0CA0-4FF7-9F5A-254A7189318E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0393BE20-3B58-49D0-AA7C-2C69218C236C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{13073C2B-754A-4840-A8A5-63AE4E27615D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1373130F-7D20-4874-A5BD-B16ECD63ABA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{161509FD-18BF-4FEA-86F9-F9DC6F7991EB}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{1A7C1588-9DC7-45CF-889E-1C1C0DEA877C}" = protocol=1 | dir=out | [email protected],-28544 |
"{228FA6BF-2AAA-4B60-8AE2-AE3BF6C9995E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{31CEE77A-BF2D-4B1A-9414-12CD770A8A07}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{32958DEF-83F1-49F4-9BFC-4590CBAA173B}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{354C0EA1-40F4-4426-B1F3-D916F2B0BE75}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{362401F7-BE19-4581-9007-609396434DDD}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{376F55A3-B5A6-48DF-9F5A-EDCF1F1AA172}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3AB35617-5E3D-4676-A5F9-BFAA400B80F3}" = protocol=6 | dir=out | app=system |
"{3AB74CE1-D1D5-49EE-8611-21AAAABAC489}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{49EB060B-1654-4365-8821-B53BDE9F8E8A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4CD7B22D-AEB5-46EE-B015-5360A95C25FC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{4E255833-5DC9-4717-A4DC-34981FDAD3DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{574BC304-FE4A-415D-BAF2-C81CDA9E1408}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5BB8D86D-74EF-4A86-8798-1B1C7628F0A3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{70C38BEE-48D0-4B9B-9144-1D356F9DB29F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{727984D2-2728-4CC0-9F6B-13FE281A48B1}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{769CD892-78FB-4D66-96E6-4016D4948D6A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{80497667-EC2D-4254-A180-4C2164A8AB7F}" = protocol=58 | dir=in | [email protected],-28545 |
"{90E296B1-97E6-414F-81B2-ACAAAC812BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{9100CBCD-D300-4B5E-B3CE-31B3EA6BB00B}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{918DF300-3AB1-4F68-936D-64E289C5D467}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{958CC570-3F4F-430A-A08A-6798B0F4453E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{966B373B-4313-4E54-9ABA-06E5F87F5CA6}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{9D1D1746-B2A0-4906-AFDD-7B5B025404D2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9F9FCA11-9991-45E1-8F10-0F033A2A56AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A1495DAD-5610-49E2-BBE9-B09FDF162CAD}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{A4ADB981-AD5E-42DD-9BF2-EB893906F1C3}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{AECF3F41-7A38-4448-AE10-53614D55D982}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3F2252B-6D34-4242-85DC-16258DB666A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCA9C240-3902-4EFB-93A2-6B3D45F7FFD8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BD06F9A7-9405-4660-86D3-28B8A0F9B338}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE3D51CC-A33E-4EEF-AB38-53F99C99428F}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BE77454B-BB01-4A7C-8A7F-D18A9BBF03CC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C3C87AB3-59F4-45D4-94DB-A7F7F0AEBF44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C425D4E5-C08B-43F1-B46B-D9AE1EBB6A81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE6883C0-D2FF-410F-83F1-738A9694F906}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{D0387CFB-D642-4B96-88BC-0BE927D94068}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7DE94BD-47D0-4AC1-B697-692AABF8C9D1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{D956CF4A-3BF7-4864-9ED6-78EDE1718599}" = protocol=58 | dir=out | [email protected],-28546 |
"{E86B7517-60EF-466A-A1BE-B2FECF81CD99}" = protocol=1 | dir=in | [email protected],-28543 |
"{EE1B3FFE-129C-4CD4-9629-D1F107C6DCF8}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{EE6A794E-FDC5-4657-990B-739E23C9611A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3D58187-FA98-46C0-9EAE-228D99849D48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE59E72F-3B40-4EB3-83C7-F8D7BC711F26}" = dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |
"TCP Query User{11109595-08B8-4D19-B92A-C61DF8700311}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{45F757DE-4EF7-4BBA-8E07-92D63A8CC5AE}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{973DEF53-492F-4FA3-837A-5EFECB888838}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{DE476275-1E97-489D-A8EC-484032A82C07}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}" = Serif WebPlus 10
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A869A1DA-9571-4287-B170-4A7246994C84}" = Serif WebPlus 10 Resources
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E34351A4-4B10-4DFF-96BC-84C642D9C625}" = The Print Shop 22
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AVG9Uninstall" = AVG Free 9.0
"BitTorrent" = BitTorrent
"DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)
"ERUNT_is1" = ERUNT 1.1j
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Nursing Assistant CD" = Nursing Assistant CD
"Peggle Deluxe 1.01" = Peggle Deluxe 1.01
"Picasa 3" = Picasa 3
"RaybanMirror" = Ray-Ban Virtual Mirror
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent hp Master Uninstall" = My HP Games

< End of report >








I seem to be more confused now than ever! I hope you can help.

Thank you,

Anna

[Advertisements]

Hello banana80,

Please run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
  IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
  FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found
  [2010/10/05 17:42:31 | 000,293,376 | ---- | C] () -- C:\Users\Guest\Desktop\mtcl74d7.exe
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O4 - HKLM..\Run: [] File not found
  
  :Files
  C:\users\anna\appdata\local\temp\dwm.exe
  
  :Commands
  [emptytemp]
  [emptyflash]
  [resethosts]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• It will produce a log for you on reboot, please post that log in your next reply.

Next

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses Java Runtime Environment (JRE) .

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

• Read through the requirements and privacy statement and click on Accept button.
• It will start dowanloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Copy and paste that information in your next post.

So when you return please post

• OTL fix log
• Kaspersky scan results

[emeraldnzl]

Hello banana80,

Please run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
  IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
  FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found
  [2010/10/05 17:42:31 | 000,293,376 | ---- | C] () -- C:\Users\Guest\Desktop\mtcl74d7.exe
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O4 - HKLM..\Run: [] File not found
  
  :Files
  C:\users\anna\appdata\local\temp\dwm.exe
  
  :Commands
  [emptytemp]
  [emptyflash]
  [resethosts]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• It will produce a log for you on reboot, please post that log in your next reply.

Next

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses Java Runtime Environment (JRE) .

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

• Read through the requirements and privacy statement and click on Accept button.
• It will start dowanloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Copy and paste that information in your next post.

So when you return please post

• OTL fix log
• Kaspersky scan results

[banana80]

Ok, when I run OTL using the instructions you gave me, it starts to run, then an error message pops up and says:

Cannot create file C:\windows\system32\drivers\etc\hosts.

I then hit ok. Its now saying "resetting hosts file. Do not interrupt." and has been stuck on this for quite a long time. Does it normally take a very long time to do this?

Thanks.

[emeraldnzl]

My guess is that something is getting in the way.

Let's try rebooting and see if you have a log to post back.

A copy of an OTL fix log is saved in a text file at

* :\_OTL\Moved Files
in most cases this will be C:\_OTL\Moved Files

[banana80]

I rebooted and can't find any OTL files other than from the scan yesterday, which was posted in this thread. Ugh.

[emeraldnzl]

I rebooted and can't find any OTL files other than from the scan yesterday, which was posted in this thread. Ugh.

Not to worry, we will have a look at another run of OTL. That will help us see what happened.

• Close all windows and open OTL again.
• Click Run Scan and let the program run uninterrupted
• It will produce a log for you. Post the log here.

[banana80]

Here's the log from the OTL scan. Thanks!


OTL logfile created on: 10/7/2010 8:36:43 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Guest\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.94 Gb Total Space | 165.63 Gb Free Space | 57.72% Space Free | Partition Type: NTFS
Drive D: | 11.14 Gb Total Space | 1.85 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNA-PC
Current User Name: Guest
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/05 17:44:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Guest\Desktop\OTL.exe
PRC - [2010/10/04 11:50:19 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2008/04/15 20:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 17:44:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Guest\Desktop\OTL.exe
MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/20 08:22:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found


O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/06 22:48:40 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\HPAppData
[2010/10/05 17:44:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Guest\Desktop\OTL.exe
[2010/10/05 12:43:12 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Malwarebytes
[2010/10/05 12:36:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/05 12:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/10/04 15:39:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/04 15:39:05 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/04 15:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/04 15:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/04 15:35:54 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/04 15:11:40 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Macromedia
[2010/10/04 15:11:39 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Adobe
[2010/10/04 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Apple Computer
[2010/10/04 15:10:55 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\QuickPlay
[2010/10/04 15:10:46 | 000,000,000 | R--D | C] -- C:\Users\Guest\Searches
[2010/10/04 15:10:35 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Identities
[2010/10/04 15:10:32 | 000,000,000 | R--D | C] -- C:\Users\Guest\Contacts
[2010/10/04 15:10:31 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\VirtualStore
[2010/10/04 15:10:26 | 000,000,000 | --SD | C] -- C:\Users\Guest\AppData\Roaming\Microsoft
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Videos
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Saved Games
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Pictures
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Music
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Links
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Favorites
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Downloads
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Documents
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Desktop
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\AppData\Local\Temporary Internet Files
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Templates
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Start Menu
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\SendTo
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Recent
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\PrintHood
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\NetHood
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Documents\My Videos
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Documents\My Pictures
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Documents\My Music
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\My Documents
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Local Settings
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\AppData\Local\History
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Cookies
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Application Data
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\AppData\Local\Application Data
[2010/10/04 15:10:26 | 000,000,000 | -H-D | C] -- C:\Users\Guest\AppData
[2010/10/04 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\Temp
[2010/10/04 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\Microsoft Help
[2010/10/04 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\Microsoft
[2010/10/04 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Media Center Programs
[2010/10/04 12:18:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/10/04 11:48:41 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/09/20 12:43:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2010/09/14 22:49:04 | 000,000,000 | ---D | C] -- C:\6cd436ebb13b20a96d0207c847
[2010/09/14 13:19:32 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/09/14 13:19:32 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/14 13:18:45 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

========== Files - Modified Within 30 Days ==========

[2010/10/07 08:37:21 | 000,786,432 | -HS- | M] () -- C:\Users\Guest\NTUSER.DAT
[2010/10/07 08:16:52 | 065,707,947 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/07 08:12:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/06 22:45:43 | 000,000,222 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/10/06 22:44:42 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/06 22:44:42 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/06 22:44:22 | 4222,832,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/06 22:43:27 | 000,524,288 | -HS- | M] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/10/06 22:43:27 | 000,065,536 | -HS- | M] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/10/06 21:55:57 | 001,826,463 | -H-- | M] () -- C:\Users\Guest\AppData\Local\IconCache.db
[2010/10/06 20:59:25 | 000,009,840 | ---- | M] () -- C:\Users\Guest\Documents\Cannot create file c.docx
[2010/10/05 18:38:38 | 000,008,074 | ---- | M] () -- C:\Users\Guest\Documents\AVG.csv
[2010/10/05 17:44:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Guest\Desktop\OTL.exe
[2010/10/05 17:42:39 | 000,293,376 | ---- | M] () -- C:\Users\Guest\Desktop\mtcl74d7.exe
[2010/10/05 17:40:04 | 000,284,915 | ---- | M] () -- C:\Users\Guest\Desktop\gmer.zip
[2010/10/05 12:34:01 | 000,000,763 | ---- | M] () -- C:\Users\Guest\Desktop\NTREGOPT.lnk
[2010/10/05 12:34:01 | 000,000,744 | ---- | M] () -- C:\Users\Guest\Desktop\ERUNT.lnk
[2010/10/04 15:48:20 | 000,524,288 | -HS- | M] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2010/10/04 15:39:09 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/04 15:11:25 | 000,000,973 | ---- | M] () -- C:\Users\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/04 15:10:54 | 000,419,496 | ---- | M] () -- C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/10/04 15:10:26 | 000,000,020 | -HS- | M] () -- C:\Users\Guest\ntuser.ini
[2010/10/04 11:49:20 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/10/04 11:48:41 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/10/04 11:48:39 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/10/04 11:45:38 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/20 12:43:27 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010/09/19 22:52:35 | 000,704,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/19 22:52:35 | 000,604,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/19 22:52:35 | 000,105,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2010/10/06 20:59:25 | 000,009,840 | ---- | C] () -- C:\Users\Guest\Documents\Cannot create file c.docx
[2010/10/05 18:38:38 | 000,008,074 | ---- | C] () -- C:\Users\Guest\Documents\AVG.csv
[2010/10/05 17:42:31 | 000,293,376 | ---- | C] () -- C:\Users\Guest\Desktop\mtcl74d7.exe
[2010/10/05 17:40:02 | 000,284,915 | ---- | C] () -- C:\Users\Guest\Desktop\gmer.zip
[2010/10/05 12:34:01 | 000,000,763 | ---- | C] () -- C:\Users\Guest\Desktop\NTREGOPT.lnk
[2010/10/05 12:34:01 | 000,000,744 | ---- | C] () -- C:\Users\Guest\Desktop\ERUNT.lnk
[2010/10/04 15:39:09 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/04 15:11:25 | 000,000,973 | ---- | C] () -- C:\Users\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/04 15:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Guest\AppData\Local\QSwitch.txt
[2010/10/04 15:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Guest\AppData\Local\DSwitch.txt
[2010/10/04 15:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Guest\AppData\Local\AtStart.txt
[2010/10/04 15:10:26 | 000,786,432 | -HS- | C] () -- C:\Users\Guest\NTUSER.DAT
[2010/10/04 15:10:26 | 000,524,288 | -HS- | C] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2010/10/04 15:10:26 | 000,524,288 | -HS- | C] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/10/04 15:10:26 | 000,262,144 | -H-- | C] () -- C:\Users\Guest\ntuser.dat.LOG1
[2010/10/04 15:10:26 | 000,065,536 | -HS- | C] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/10/04 15:10:26 | 000,000,258 | ---- | C] () -- C:\Users\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/04 15:10:26 | 000,000,240 | ---- | C] () -- C:\Users\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/04 15:10:26 | 000,000,020 | -HS- | C] () -- C:\Users\Guest\ntuser.ini
[2010/10/04 15:10:26 | 000,000,000 | -H-- | C] () -- C:\Users\Guest\ntuser.dat.LOG2
[2010/10/04 14:06:08 | 4222,832,640 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/20 12:43:27 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010/08/11 18:54:39 | 000,721,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/17 14:33:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/17 14:32:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/12 21:27:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/07/01 03:50:39 | 000,000,735 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
< End of report >



Not sure if you need this or not, but here's the OTL Extra's log:


OTL Extras logfile created on: 10/7/2010 8:36:43 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Guest\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.94 Gb Total Space | 165.63 Gb Free Space | 57.72% Space Free | Partition Type: NTFS
Drive D: | 11.14 Gb Total Space | 1.85 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNA-PC
Current User Name: Guest
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 92 69 1B 48 27 3C CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C1BB2C7-95DC-428E-8EAC-0893B06398D3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F08C99A-6724-4DFA-A233-2CD0CBC332BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{4AAC5F55-90A3-4F58-BBC4-6EBCE4AACE63}" = rport=139 | protocol=6 | dir=out | app=system |
"{52C228EC-0D49-4EB7-B500-FF196E11D12A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{643F49DA-5316-4F28-B9A4-820CD2A58525}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6638F3BE-2B29-4E87-BA06-11D8343B01B6}" = rport=138 | protocol=17 | dir=out | app=system |
"{723E1D59-7D54-4DEF-B1C1-C545AA800D73}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7B14D538-8A39-4466-A47D-F1BDD1AEC992}" = rport=10243 | protocol=6 | dir=out | app=system |
"{89721F09-364B-43BF-A425-32DAFAC5519B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1F8EF59-F810-454D-8E8D-227AEEBA52D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2FBA578-337E-4644-8795-49BF51EE9051}" = rport=445 | protocol=6 | dir=out | app=system |
"{A7F0CE42-DD08-409A-A0E7-9DBE3A34EB1B}" = lport=139 | protocol=6 | dir=in | app=system |
"{B31999B6-5E1B-41D0-8933-1793811CA5FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1CF467F-6F67-4BD8-8EB6-2DF519383645}" = rport=137 | protocol=17 | dir=out | app=system |
"{D5498965-BAD0-4B84-AC43-FFEF4694455B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D706E4AB-E487-4F15-AF5B-2D391DA9AB8B}" = lport=445 | protocol=6 | dir=in | app=system |
"{D8DB4DB2-56A4-450E-8899-81105FC0C45D}" = lport=138 | protocol=17 | dir=in | app=system |
"{ED4A7FAE-5B1D-457B-9BA2-8E0FA0BDA2BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{FBB48CDB-FCB4-4B74-8C12-6F35AEF0B993}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0315BEE0-0CA0-4FF7-9F5A-254A7189318E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0393BE20-3B58-49D0-AA7C-2C69218C236C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{13073C2B-754A-4840-A8A5-63AE4E27615D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1373130F-7D20-4874-A5BD-B16ECD63ABA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{161509FD-18BF-4FEA-86F9-F9DC6F7991EB}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{1A7C1588-9DC7-45CF-889E-1C1C0DEA877C}" = protocol=1 | dir=out | [email protected],-28544 |
"{228FA6BF-2AAA-4B60-8AE2-AE3BF6C9995E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{31CEE77A-BF2D-4B1A-9414-12CD770A8A07}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{32958DEF-83F1-49F4-9BFC-4590CBAA173B}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{354C0EA1-40F4-4426-B1F3-D916F2B0BE75}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{362401F7-BE19-4581-9007-609396434DDD}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{376F55A3-B5A6-48DF-9F5A-EDCF1F1AA172}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3AB35617-5E3D-4676-A5F9-BFAA400B80F3}" = protocol=6 | dir=out | app=system |
"{3AB74CE1-D1D5-49EE-8611-21AAAABAC489}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{49EB060B-1654-4365-8821-B53BDE9F8E8A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4CD7B22D-AEB5-46EE-B015-5360A95C25FC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{4E255833-5DC9-4717-A4DC-34981FDAD3DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{574BC304-FE4A-415D-BAF2-C81CDA9E1408}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5BB8D86D-74EF-4A86-8798-1B1C7628F0A3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{70C38BEE-48D0-4B9B-9144-1D356F9DB29F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{727984D2-2728-4CC0-9F6B-13FE281A48B1}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{769CD892-78FB-4D66-96E6-4016D4948D6A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{80497667-EC2D-4254-A180-4C2164A8AB7F}" = protocol=58 | dir=in | [email protected],-28545 |
"{90E296B1-97E6-414F-81B2-ACAAAC812BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{9100CBCD-D300-4B5E-B3CE-31B3EA6BB00B}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{918DF300-3AB1-4F68-936D-64E289C5D467}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{958CC570-3F4F-430A-A08A-6798B0F4453E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{966B373B-4313-4E54-9ABA-06E5F87F5CA6}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{9D1D1746-B2A0-4906-AFDD-7B5B025404D2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9F9FCA11-9991-45E1-8F10-0F033A2A56AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A1495DAD-5610-49E2-BBE9-B09FDF162CAD}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{A4ADB981-AD5E-42DD-9BF2-EB893906F1C3}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{AECF3F41-7A38-4448-AE10-53614D55D982}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3F2252B-6D34-4242-85DC-16258DB666A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCA9C240-3902-4EFB-93A2-6B3D45F7FFD8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BD06F9A7-9405-4660-86D3-28B8A0F9B338}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE3D51CC-A33E-4EEF-AB38-53F99C99428F}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BE77454B-BB01-4A7C-8A7F-D18A9BBF03CC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C3C87AB3-59F4-45D4-94DB-A7F7F0AEBF44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C425D4E5-C08B-43F1-B46B-D9AE1EBB6A81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE6883C0-D2FF-410F-83F1-738A9694F906}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{D0387CFB-D642-4B96-88BC-0BE927D94068}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7DE94BD-47D0-4AC1-B697-692AABF8C9D1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{D956CF4A-3BF7-4864-9ED6-78EDE1718599}" = protocol=58 | dir=out | [email protected],-28546 |
"{E86B7517-60EF-466A-A1BE-B2FECF81CD99}" = protocol=1 | dir=in | [email protected],-28543 |
"{EE1B3FFE-129C-4CD4-9629-D1F107C6DCF8}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{EE6A794E-FDC5-4657-990B-739E23C9611A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3D58187-FA98-46C0-9EAE-228D99849D48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE59E72F-3B40-4EB3-83C7-F8D7BC711F26}" = dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |
"TCP Query User{11109595-08B8-4D19-B92A-C61DF8700311}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{45F757DE-4EF7-4BBA-8E07-92D63A8CC5AE}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{973DEF53-492F-4FA3-837A-5EFECB888838}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{DE476275-1E97-489D-A8EC-484032A82C07}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}" = Serif WebPlus 10
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A869A1DA-9571-4287-B170-4A7246994C84}" = Serif WebPlus 10 Resources
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E34351A4-4B10-4DFF-96BC-84C642D9C625}" = The Print Shop 22
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AVG9Uninstall" = AVG Free 9.0
"BitTorrent" = BitTorrent
"DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)
"ERUNT_is1" = ERUNT 1.1j
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Nursing Assistant CD" = Nursing Assistant CD
"Peggle Deluxe 1.01" = Peggle Deluxe 1.01
"Picasa 3" = Picasa 3
"RaybanMirror" = Ray-Ban Virtual Mirror
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent hp Master Uninstall" = My HP Games

< End of report >

[emeraldnzl]

Hello banana80,

Looks as though something happened but clearly it didn't work completely. Let's try a different script and this time we will disable AVG before you run it.

Now

How to disable AVG's Resident Shield.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.

After that

Please run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found
  
  :Commands
  [emptytemp]
  [emptyflash]
  [resethosts]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• It will produce a log for you on reboot, please post that log in your next reply.

[banana80]

The same thing is happening this time too. Same error message pops up and says:

Cannot create file C:\windows\system32\drivers\etc\hosts.

Still says "resetting hosts file. Do not interrupt."

[emeraldnzl]

Just one more try before we try a different approach.

Reboot your computer then please run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :processes
  killallprocesses
  
  :OTL
  FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found
  
  :Commands
  [emptytemp]
  [emptyflash]
  [resethosts]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• It will produce a log for you on reboot, please post that log in your next reply.

[banana80]

Still has the same problem. Any other ideas? Thanks again for your time on this!

[emeraldnzl]

Still has the same problem. Any other ideas?

Interesting... loads of ideas, just a matter of whether they will work

Let's leave out the re-setting of the Hosts file and just see if we can get rid of the MyWebSearch baddie.

Please run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found
  
  :Commands
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• It will produce a log for you on reboot, please post that log in your next reply.

[banana80]

ok, did the scan. before the reboot it said, "error creating log file"... sooo i rebooted and i can't find a log file of the scan. should i run another scan??

[emeraldnzl]

Yes please run an OTL scan again.

[banana80]

ok, i just clicked "run scan" and here are the log files:

OTL logfile created on: 10/7/2010 10:59:37 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Guest\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.94 Gb Total Space | 165.50 Gb Free Space | 57.68% Space Free | Partition Type: NTFS
Drive D: | 11.14 Gb Total Space | 1.85 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNA-PC
Current User Name: Guest
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/05 17:44:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Guest\Desktop\OTL.exe
PRC - [2010/10/04 11:50:19 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2008/04/15 20:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 17:44:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Guest\Desktop\OTL.exe
MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/20 08:22:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found


O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/07 22:33:13 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\HPAppData
[2010/10/05 17:44:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Guest\Desktop\OTL.exe
[2010/10/05 12:43:12 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Malwarebytes
[2010/10/05 12:36:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/05 12:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/10/04 15:39:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/04 15:39:05 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/04 15:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/04 15:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/04 15:35:54 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/04 15:11:40 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Macromedia
[2010/10/04 15:11:39 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Adobe
[2010/10/04 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Apple Computer
[2010/10/04 15:10:55 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\QuickPlay
[2010/10/04 15:10:46 | 000,000,000 | R--D | C] -- C:\Users\Guest\Searches
[2010/10/04 15:10:35 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Identities
[2010/10/04 15:10:32 | 000,000,000 | R--D | C] -- C:\Users\Guest\Contacts
[2010/10/04 15:10:31 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\VirtualStore
[2010/10/04 15:10:26 | 000,000,000 | --SD | C] -- C:\Users\Guest\AppData\Roaming\Microsoft
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Videos
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Saved Games
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Pictures
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Music
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Links
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Favorites
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Downloads
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Documents
[2010/10/04 15:10:26 | 000,000,000 | R--D | C] -- C:\Users\Guest\Desktop
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\AppData\Local\Temporary Internet Files
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Templates
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Start Menu
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\SendTo
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Recent
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\PrintHood
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\NetHood
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Documents\My Videos
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Documents\My Pictures
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Documents\My Music
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\My Documents
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Local Settings
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\AppData\Local\History
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Cookies
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\Application Data
[2010/10/04 15:10:26 | 000,000,000 | -HSD | C] -- C:\Users\Guest\AppData\Local\Application Data
[2010/10/04 15:10:26 | 000,000,000 | -H-D | C] -- C:\Users\Guest\AppData
[2010/10/04 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\Temp
[2010/10/04 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\Microsoft Help
[2010/10/04 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Local\Microsoft
[2010/10/04 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Guest\AppData\Roaming\Media Center Programs
[2010/10/04 12:18:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/10/04 11:48:41 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/09/20 12:43:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2010/09/14 22:49:04 | 000,000,000 | ---D | C] -- C:\6cd436ebb13b20a96d0207c847
[2010/09/14 13:19:32 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/09/14 13:19:32 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/14 13:18:45 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

========== Files - Modified Within 30 Days ==========

[2010/10/07 22:59:49 | 000,786,432 | -HS- | M] () -- C:\Users\Guest\NTUSER.DAT
[2010/10/07 22:20:51 | 000,000,222 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/10/07 22:20:42 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/07 22:20:42 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/07 22:20:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/07 22:20:24 | 4222,832,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/07 22:19:39 | 000,524,288 | -HS- | M] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/10/07 22:19:39 | 000,065,536 | -HS- | M] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/10/07 22:19:36 | 001,827,545 | -H-- | M] () -- C:\Users\Guest\AppData\Local\IconCache.db
[2010/10/07 08:16:52 | 065,707,947 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/06 20:59:25 | 000,009,840 | ---- | M] () -- C:\Users\Guest\Documents\Cannot create file c.docx
[2010/10/05 18:38:38 | 000,008,074 | ---- | M] () -- C:\Users\Guest\Documents\AVG.csv
[2010/10/05 17:44:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Guest\Desktop\OTL.exe
[2010/10/05 17:42:39 | 000,293,376 | ---- | M] () -- C:\Users\Guest\Desktop\mtcl74d7.exe
[2010/10/05 17:40:04 | 000,284,915 | ---- | M] () -- C:\Users\Guest\Desktop\gmer.zip
[2010/10/05 12:34:01 | 000,000,763 | ---- | M] () -- C:\Users\Guest\Desktop\NTREGOPT.lnk
[2010/10/05 12:34:01 | 000,000,744 | ---- | M] () -- C:\Users\Guest\Desktop\ERUNT.lnk
[2010/10/04 15:48:20 | 000,524,288 | -HS- | M] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2010/10/04 15:39:09 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/04 15:11:25 | 000,000,973 | ---- | M] () -- C:\Users\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/04 15:10:54 | 000,419,496 | ---- | M] () -- C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/10/04 15:10:26 | 000,000,020 | -HS- | M] () -- C:\Users\Guest\ntuser.ini
[2010/10/04 11:49:20 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/10/04 11:48:41 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/10/04 11:48:39 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/10/04 11:45:38 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/20 12:43:27 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010/09/19 22:52:35 | 000,704,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/19 22:52:35 | 000,604,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/19 22:52:35 | 000,105,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2010/10/06 20:59:25 | 000,009,840 | ---- | C] () -- C:\Users\Guest\Documents\Cannot create file c.docx
[2010/10/05 18:38:38 | 000,008,074 | ---- | C] () -- C:\Users\Guest\Documents\AVG.csv
[2010/10/05 17:42:31 | 000,293,376 | ---- | C] () -- C:\Users\Guest\Desktop\mtcl74d7.exe
[2010/10/05 17:40:02 | 000,284,915 | ---- | C] () -- C:\Users\Guest\Desktop\gmer.zip
[2010/10/05 12:34:01 | 000,000,763 | ---- | C] () -- C:\Users\Guest\Desktop\NTREGOPT.lnk
[2010/10/05 12:34:01 | 000,000,744 | ---- | C] () -- C:\Users\Guest\Desktop\ERUNT.lnk
[2010/10/04 15:39:09 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/04 15:11:25 | 000,000,973 | ---- | C] () -- C:\Users\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/04 15:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Guest\AppData\Local\QSwitch.txt
[2010/10/04 15:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Guest\AppData\Local\DSwitch.txt
[2010/10/04 15:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Guest\AppData\Local\AtStart.txt
[2010/10/04 15:10:26 | 000,786,432 | -HS- | C] () -- C:\Users\Guest\NTUSER.DAT
[2010/10/04 15:10:26 | 000,524,288 | -HS- | C] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2010/10/04 15:10:26 | 000,524,288 | -HS- | C] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/10/04 15:10:26 | 000,262,144 | -H-- | C] () -- C:\Users\Guest\ntuser.dat.LOG1
[2010/10/04 15:10:26 | 000,065,536 | -HS- | C] () -- C:\Users\Guest\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/10/04 15:10:26 | 000,000,258 | ---- | C] () -- C:\Users\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/04 15:10:26 | 000,000,240 | ---- | C] () -- C:\Users\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/04 15:10:26 | 000,000,020 | -HS- | C] () -- C:\Users\Guest\ntuser.ini
[2010/10/04 15:10:26 | 000,000,000 | -H-- | C] () -- C:\Users\Guest\ntuser.dat.LOG2
[2010/10/04 14:06:08 | 4222,832,640 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/20 12:43:27 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010/08/11 18:54:39 | 000,721,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/17 14:33:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/17 14:32:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/12 21:27:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/07/01 03:50:39 | 000,000,735 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
< End of report >


EXTRAS:


OTL Extras logfile created on: 10/7/2010 10:59:37 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Guest\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.94 Gb Total Space | 165.50 Gb Free Space | 57.68% Space Free | Partition Type: NTFS
Drive D: | 11.14 Gb Total Space | 1.85 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNA-PC
Current User Name: Guest
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 92 69 1B 48 27 3C CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C1BB2C7-95DC-428E-8EAC-0893B06398D3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F08C99A-6724-4DFA-A233-2CD0CBC332BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{4AAC5F55-90A3-4F58-BBC4-6EBCE4AACE63}" = rport=139 | protocol=6 | dir=out | app=system |
"{52C228EC-0D49-4EB7-B500-FF196E11D12A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{643F49DA-5316-4F28-B9A4-820CD2A58525}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6638F3BE-2B29-4E87-BA06-11D8343B01B6}" = rport=138 | protocol=17 | dir=out | app=system |
"{723E1D59-7D54-4DEF-B1C1-C545AA800D73}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7B14D538-8A39-4466-A47D-F1BDD1AEC992}" = rport=10243 | protocol=6 | dir=out | app=system |
"{89721F09-364B-43BF-A425-32DAFAC5519B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1F8EF59-F810-454D-8E8D-227AEEBA52D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2FBA578-337E-4644-8795-49BF51EE9051}" = rport=445 | protocol=6 | dir=out | app=system |
"{A7F0CE42-DD08-409A-A0E7-9DBE3A34EB1B}" = lport=139 | protocol=6 | dir=in | app=system |
"{B31999B6-5E1B-41D0-8933-1793811CA5FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1CF467F-6F67-4BD8-8EB6-2DF519383645}" = rport=137 | protocol=17 | dir=out | app=system |
"{D5498965-BAD0-4B84-AC43-FFEF4694455B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D706E4AB-E487-4F15-AF5B-2D391DA9AB8B}" = lport=445 | protocol=6 | dir=in | app=system |
"{D8DB4DB2-56A4-450E-8899-81105FC0C45D}" = lport=138 | protocol=17 | dir=in | app=system |
"{ED4A7FAE-5B1D-457B-9BA2-8E0FA0BDA2BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{FBB48CDB-FCB4-4B74-8C12-6F35AEF0B993}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0315BEE0-0CA0-4FF7-9F5A-254A7189318E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0393BE20-3B58-49D0-AA7C-2C69218C236C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{13073C2B-754A-4840-A8A5-63AE4E27615D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1373130F-7D20-4874-A5BD-B16ECD63ABA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{161509FD-18BF-4FEA-86F9-F9DC6F7991EB}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{1A7C1588-9DC7-45CF-889E-1C1C0DEA877C}" = protocol=1 | dir=out | [email protected],-28544 |
"{228FA6BF-2AAA-4B60-8AE2-AE3BF6C9995E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{31CEE77A-BF2D-4B1A-9414-12CD770A8A07}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{32958DEF-83F1-49F4-9BFC-4590CBAA173B}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{354C0EA1-40F4-4426-B1F3-D916F2B0BE75}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{362401F7-BE19-4581-9007-609396434DDD}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{376F55A3-B5A6-48DF-9F5A-EDCF1F1AA172}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3AB35617-5E3D-4676-A5F9-BFAA400B80F3}" = protocol=6 | dir=out | app=system |
"{3AB74CE1-D1D5-49EE-8611-21AAAABAC489}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{49EB060B-1654-4365-8821-B53BDE9F8E8A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4CD7B22D-AEB5-46EE-B015-5360A95C25FC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{4E255833-5DC9-4717-A4DC-34981FDAD3DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{574BC304-FE4A-415D-BAF2-C81CDA9E1408}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5BB8D86D-74EF-4A86-8798-1B1C7628F0A3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{70C38BEE-48D0-4B9B-9144-1D356F9DB29F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{727984D2-2728-4CC0-9F6B-13FE281A48B1}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{769CD892-78FB-4D66-96E6-4016D4948D6A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{80497667-EC2D-4254-A180-4C2164A8AB7F}" = protocol=58 | dir=in | [email protected],-28545 |
"{90E296B1-97E6-414F-81B2-ACAAAC812BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{9100CBCD-D300-4B5E-B3CE-31B3EA6BB00B}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{918DF300-3AB1-4F68-936D-64E289C5D467}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{958CC570-3F4F-430A-A08A-6798B0F4453E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{966B373B-4313-4E54-9ABA-06E5F87F5CA6}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{9D1D1746-B2A0-4906-AFDD-7B5B025404D2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9F9FCA11-9991-45E1-8F10-0F033A2A56AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A1495DAD-5610-49E2-BBE9-B09FDF162CAD}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{A4ADB981-AD5E-42DD-9BF2-EB893906F1C3}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{AECF3F41-7A38-4448-AE10-53614D55D982}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3F2252B-6D34-4242-85DC-16258DB666A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCA9C240-3902-4EFB-93A2-6B3D45F7FFD8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BD06F9A7-9405-4660-86D3-28B8A0F9B338}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE3D51CC-A33E-4EEF-AB38-53F99C99428F}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BE77454B-BB01-4A7C-8A7F-D18A9BBF03CC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C3C87AB3-59F4-45D4-94DB-A7F7F0AEBF44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C425D4E5-C08B-43F1-B46B-D9AE1EBB6A81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE6883C0-D2FF-410F-83F1-738A9694F906}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{D0387CFB-D642-4B96-88BC-0BE927D94068}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7DE94BD-47D0-4AC1-B697-692AABF8C9D1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{D956CF4A-3BF7-4864-9ED6-78EDE1718599}" = protocol=58 | dir=out | [email protected],-28546 |
"{E86B7517-60EF-466A-A1BE-B2FECF81CD99}" = protocol=1 | dir=in | [email protected],-28543 |
"{EE1B3FFE-129C-4CD4-9629-D1F107C6DCF8}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{EE6A794E-FDC5-4657-990B-739E23C9611A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3D58187-FA98-46C0-9EAE-228D99849D48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE59E72F-3B40-4EB3-83C7-F8D7BC711F26}" = dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |
"TCP Query User{11109595-08B8-4D19-B92A-C61DF8700311}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{45F757DE-4EF7-4BBA-8E07-92D63A8CC5AE}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{973DEF53-492F-4FA3-837A-5EFECB888838}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{DE476275-1E97-489D-A8EC-484032A82C07}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}" = Serif WebPlus 10
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A869A1DA-9571-4287-B170-4A7246994C84}" = Serif WebPlus 10 Resources
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E34351A4-4B10-4DFF-96BC-84C642D9C625}" = The Print Shop 22
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AVG9Uninstall" = AVG Free 9.0
"BitTorrent" = BitTorrent
"DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)
"ERUNT_is1" = ERUNT 1.1j
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Nursing Assistant CD" = Nursing Assistant CD
"Peggle Deluxe 1.01" = Peggle Deluxe 1.01
"Picasa 3" = Picasa 3
"RaybanMirror" = Ray-Ban Virtual Mirror
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent hp Master Uninstall" = My HP Games

< End of report >