Yahoo error:
Checking virtual IP servers...
[VIP Raw] Connecting to Virtual IP server IP ADDRESS DELETED... [PASSED]
[VIP Raw] Sending HTTP request to the server... [PASSED]
[VIP Raw] Receiving response... [PASSED]
[VIP Raw] Checking HTTP response code... [PASSED]
[VIP Raw] Parsing connection server IP address... [PASSED]
[VIP Raw] Connecting to Virtual IP server IP ADDRESS DELETED... [PASSED]
[VIP Raw] Sending HTTP request to the server... [PASSED]
[VIP Raw] Receiving response... [PASSED]
[VIP Raw] Checking HTTP response code... [PASSED]
[VIP Raw] Parsing connection server IP address... [PASSED]
[VIP Raw] PASSED *** IP ADDRESS DELETED ***
Checking connection servers...
[CS Raw] Connecting to connection server port '5050'... [PASSED]
[CS Raw] Sending port check command... [PASSED]
[CS Raw] PASSED
Checking login servers...
[Login] Connecting to login server IP ADDRESS DELETED... [PASSED]
[Login] TIMEOUT

Below are my OTL reports:

Logfile created: 5/12/2011 21:44:55
Ad-Aware version: 9.0.5
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: user
*********************** Definitions database information ***********************
Lavasoft definition file: 150.402
Genotype definition file version: 2011/05/11 09:53:59
Extended engine definition file: 9264.0
******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 78985
Objects detected: 4
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 4
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Quarantined items:
Description: c:\program files\ares\ares.exe Family Name: Trojan.Win32.Generic!SB.0 Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 132227d553c8261c501080c10a9cd24f
Description: c:\users\user\desktop\current\desktop junk\new folder\svchost.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 285fee12264472dfe00f72b7656b95bf
Description: c:\program files\aimersoft\keygen.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 688ad3b098dae3b25569591487a55d18
Description: c:\$recycle.bin\s-1-5-21-4149202785-989440042-3916684815-1000\$r0v4bzt.exe Family Name: Win32.Hoax.Screensaver Engine: 1 Clean status: Success Item ID: 0 Family ID: 836076 MD5: 8210cbb21e66dac91d2ad38e9ee8e525
Scan and cleaning complete: Stopped by request after 2749 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Thu May 12 21:35:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Thu May 12 03:35:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Thu May 12 09:35:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Thu May 12 15:35:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Thu May 12 21:35:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: true
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
****************************** System information ******************************
Computer name: USER-PC
Processor name: AMD Athlon 64 X2 Dual-Core Processor TK-55
Processor identifier: x86 Family 15 Model 104 Stepping 1
Processor speed: ~1800MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 26625, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3,3DNow]
Physical memory available: 903266304 bytes
Physical memory total: 2078461952 bytes
Virtual memory available: 1880850432 bytes
Virtual memory total: 2147352576 bytes
Memory load: 56%
Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Windows startup mode:
Running processes:
PID: 480 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 548 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 600 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 612 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 644 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 660 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 668 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 716 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 852 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 908 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 936 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 980 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1112 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1144 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1156 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1264 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1284 name: C:\Windows\System32\SLsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1312 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1464 name: C:\Windows\System32\rundll32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1520 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1668 name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1684 name: C:\Program Files\Alwil Software\Avast4\ashServ.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1712 name: C:\Windows\System32\wlanext.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2016 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2040 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1556 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1960 name: C:\Windows\System32\dwm.exe owner: user domain: user-PC
PID: 1132 name: C:\Windows\System32\taskeng.exe owner: user domain: user-PC
PID: 740 name: C:\Windows\explorer.exe owner: user domain: user-PC
PID: 2364 name: C:\Windows\System32\wercon.exe owner: user domain: user-PC
PID: 2432 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2472 name: C:\Program Files\AskBarDis\bar\bin\AskService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2492 name: C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2516 name: C:\Windows\System32\bgsvcgen.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2544 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2560 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2572 name: C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2656 name: C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2768 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2844 name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2872 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2908 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2932 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2952 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3004 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3064 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3144 name: C:\Windows\System32\drivers\XAudio.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3176 name: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3204 name: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3464 name: C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4084 name: C:\Program Files\Windows Defender\MSASCui.exe owner: user domain: user-PC
PID: 832 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: user domain: user-PC
PID: 2052 name: C:\Program Files\HP\QuickPlay\QPService.exe owner: user domain: user-PC
PID: 1428 name: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe owner: user domain: user-PC
PID: 2160 name: C:\Program Files\Synaptics\SynTP\SynTPStart.exe owner: user domain: user-PC
PID: 2344 name: C:\Windows\WindowsMobile\wmdc.exe owner: user domain: user-PC
PID: 1476 name: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe owner: user domain: user-PC
PID: 1380 name: C:\Program Files\Alwil Software\Avast4\ashDisp.exe owner: user domain: user-PC
PID: 1508 name: C:\Windows\System32\wpcumi.exe owner: user domain: user-PC
PID: 2424 name: C:\Windows\System32\rundll32.exe owner: user domain: user-PC
PID: 1044 name: C:\Windows\vsnpstd3.exe owner: user domain: user-PC
PID: 2672 name: C:\Windows\tsnpstd3.exe owner: user domain: user-PC
PID: 2064 name: C:\Program Files\iTunes\iTunesHelper.exe owner: user domain: user-PC
PID: 3032 name: C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe owner: user domain: user-PC
PID: 1308 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1032 name: C:\Windows\System32\wbem\unsecapp.exe owner: user domain: user-PC
PID: 2640 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 4108 name: C:\Program Files\Windows Media Player\wmpnscfg.exe owner: user domain: user-PC
PID: 4148 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 4472 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5228 name: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1628 name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe owner: user domain: user-PC
PID: 3312 name: C:\Windows\System32\wuauclt.exe owner: user domain: user-PC
PID: 5148 name: C:\Windows\System32\msiexec.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5668 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5744 name: C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe owner: user domain: user-PC
PID: 4700 name: C:\Windows\System32\taskeng.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 6024 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: user domain: user-PC
PID: 2504 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4424 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: user domain: user-PC
PID: 5704 name: C:\Windows\System32\rundll32.exe owner: user domain: user-PC
PID: 4720 name: C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe owner: user domain: user-PC
PID: 5092 name: C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe owner: user domain: user-PC
Startup items:
Name: MySpaceIM
imagepath: C:\Program Files\MySpace\IM\MySpaceIM.exe
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: Launcher
imagepath: %WINDIR%\SMINST\launcher.exe
Name: Windows Defender
imagepath: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Name: SynTPEnh
imagepath: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Name: QPService
imagepath: "C:\Program Files\HP\QuickPlay\QPService.exe"
Name: QlbCtrl
imagepath: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
Name: HP Health Check Scheduler
imagepath: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
Name: SynTPStart
imagepath: C:\Program Files\Synaptics\SynTP\SynTPStart.exe
Name: Windows Mobile Device Center
imagepath: %windir%\WindowsMobile\wmdc.exe
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Name: MSConfig
imagepath: "C:\Windows\system32\msconfig.exe" /auto
Name: HP Software Update
imagepath: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Name: avast!
imagepath: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Name: WPCUMI
imagepath: C:\Windows\system32\WpcUmi.exe
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Name: snpstd3
imagepath: C:\Windows\vsnpstd3.exe
Name: tsnpstd3
imagepath: C:\Windows\tsnpstd3.exe
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MotionSD STUDIO - SD Browser auto start -.lnk
imagepath: C:\Program Files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\Adobe Reader Speed Launch.lnk
imagepath: C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\Adobe Reader Synchronizer.lnk
imagepath: C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
imagepath: C:\Program Files\Paltalk Messenger\paltalk.exe
Bootexecute items:
Name:
imagepath: autocheck autochk *
Running services:
Name: AeLookupSvc
displayname: Application Experience
Name: Appinfo
displayname: Application Information
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: ASKService
displayname: ASKService
Name: ASKUpgrade
displayname: ASKUpgrade
Name: aswUpdSv
displayname: avast! iAVS4 Control Service
Name: AudioEndpointBuilder
displayname: Windows Audio Endpoint Builder
Name: Audiosrv
displayname: Windows Audio
Name: avast! Antivirus
displayname: avast! Antivirus
Name: BFE
displayname: Base Filtering Engine
Name: bgsvcgen
displayname: B's Recorder GOLD Library General Service
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: Browser
displayname: Computer Browser
Name: BthServ
displayname: Bluetooth Support Service
Name: CLCapSvc
displayname: CyberLink Background Capture Service (CBCS)
Name: CLSched
displayname: CyberLink Task Scheduler (CTS)
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: DPS
displayname: Diagnostic Policy Service
Name: EapHost
displayname: Extensible Authentication Protocol
Name: EMDMgmt
displayname: ReadyBoost
Name: Eventlog
displayname: Windows Event Log
Name: EventSystem
displayname: COM+ Event System
Name: fdPHost
displayname: Function Discovery Provider Host
Name: FDResPub
displayname: Function Discovery Resource Publication
Name: FreeAgentGoNext Service
displayname: Seagate Service
Name: gpsvc
displayname: Group Policy Client
Name: hidserv
displayname: Human Interface Device Access
Name: HP Health Check Service
displayname: HP Health Check Service
Name: hpqcxs08
displayname: hpqcxs08
Name: hpqddsvc
displayname: HP CUE DeviceDiscovery Service
Name: hpqwmiex
displayname: hpqwmiex
Name: IKEEXT
displayname: IKE and AuthIP IPsec Keying Modules
Name: iphlpsvc
displayname: IP Helper
Name: iPod Service
displayname: iPod Service
Name: KeyIso
displayname: CNG Key Isolation
Name: KtmRm
displayname: KtmRm for Distributed Transaction Coordinator
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Workstation
Name: LightScribeService
displayname: LightScribeService Direct Disc Labeling Service
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: MMCSS
displayname: Multimedia Class Scheduler
Name: MpsSvc
displayname: Windows Firewall
Name: msiserver
displayname: Windows Installer
Name: Net Driver HPZ12
displayname: Net Driver HPZ12
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List Service
Name: NlaSvc
displayname: Network Location Awareness
Name: nsi
displayname: Network Store Interface Service
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: PcaSvc
displayname: Program Compatibility Assistant Service
Name: PlugPlay
displayname: Plug and Play
Name: Pml Driver HPZ12
displayname: Pml Driver HPZ12
Name: PolicyAgent
displayname: IPsec Policy Agent
Name: ProfSvc
displayname: User Profile Service
Name: RapiMgr
displayname: Windows Mobile-based device connectivity
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification Service
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: slsvc
displayname: Software Licensing
Name: Spooler
displayname: Print Spooler
Name: SSDPSRV
displayname: SSDP Discovery
Name: SstpSvc
displayname: Secure Socket Tunneling Protocol Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: SysMain
displayname: Superfetch
Name: TabletInputService
displayname: Tablet PC Input Service
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: upnphost
displayname: UPnP Device Host
Name: UxSms
displayname: Desktop Window Manager Session Manager
Name: W32Time
displayname: Windows Time
Name: WcesComm
displayname: Windows Mobile-2003-based device connectivity
Name: WdiSystemHost
displayname: Diagnostic System Host
Name: WebClient
displayname: WebClient
Name: WerSvc
displayname: Windows Error Reporting Service
Name: WinDefend
displayname: Windows Defender
Name: WinHttpAutoProxySvc
displayname: WinHTTP Web Proxy Auto-Discovery Service
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: Wlansvc
displayname: WLAN AutoConfig
Name: WMPNetworkSvc
displayname: Windows Media Player Network Sharing Service
Name: WPCSvc
displayname: Parental Controls
Name: WPDBusEnum
displayname: Portable Device Enumerator Service
Name: wscsvc
displayname: Security Center
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: XAudioService
displayname: XAudioService
Name: YahooAUService
displayname: Yahoo! Updater
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service

EXTRAS FILE:

OTL Extras logfile created on: 5/13/2011 4:19:45 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 52.67 Gb Free Space | 37.45% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.81 Gb Free Space | 21.52% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081F287C-1178-467C-82E2-D9310E54F18D}" = lport=137 | protocol=17 | dir=in | app=system |
"{0AA25A7C-19E0-473F-A789-7DB8B463A312}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0EF46342-68C1-4715-98C9-8D0669BCD8E4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{10A9A4F5-7183-4799-BA58-98375919B8A5}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{11B5557A-C946-4D95-9F61-6D5EE12EC845}" = rport=137 | protocol=17 | dir=out | app=system |
"{140C7605-D9E1-4111-B3F2-2D2F2694A537}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{1436954D-6F88-4E0A-869A-9CABA6B7DB54}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{186B282F-2B71-4E03-9C81-4003B1285ACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{214102A7-7BBF-49D8-8299-4B624E53FD72}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{218F1F5A-B9B2-43D4-8C5E-D3F09485D5F1}" = rport=139 | protocol=6 | dir=out | app=system |
"{29272E93-76EA-4BBF-BA09-5782795C7AFA}" = lport=445 | protocol=6 | dir=in | app=system |
"{2CDB940E-8BE8-4E83-A975-31236C827243}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{30E2DD74-5CF7-461F-BFFA-E170B5A75E67}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{34E0E615-C590-49DE-A3FC-6FCCF41B0ECB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3CD4EAAD-6314-4D46-AB1C-D925C5F18B79}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3E98FF27-1AD7-420D-82C6-7E7923235A3F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{4DADF6DE-18F5-4D55-BACB-EF667D98E8F1}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{516AC2D9-7E38-437F-8FBB-1B679C517163}" = lport=138 | protocol=17 | dir=in | app=system |
"{534F6719-1C05-4E91-A74E-0BE0CCDD86BC}" = rport=138 | protocol=17 | dir=out | app=system |
"{55E53B00-09D4-4C13-AD8F-C3631A80D332}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{59E1076A-CCF1-41C7-A49B-3014F575E0B7}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5BC14BC7-F955-4C95-981A-0D064C2521EA}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5F1940B4-BCE3-488F-B7D5-12C961EC9A12}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{63E7AA93-DD1C-42EE-8BED-3AB918D4C32D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{68CBE06B-7D8D-49F7-BAFB-59164FF79A75}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6CCCF001-9F9B-4839-8CA8-8C6CFAB2ADE3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{701FE1A5-EF8B-4764-9CDB-9D17C04EAE65}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7173B4F6-0F03-4671-A148-6BAF0F331CD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{720B9A96-7FD8-4F96-880D-384DCEB51907}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8F688DC1-DD91-4D7E-A459-7C4EAD1355BD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{90C50C3F-4C2D-487E-9B56-AAF2631137A7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9615E08E-1B6C-4617-8CAC-3D9292A45103}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A18E3B13-5C69-458C-ABCC-0748CB83443F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A88FE419-D7EC-4AA2-93DE-F5BF29E539F4}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A99D5FE2-A412-4129-BAFD-5907F75ED3D2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B9E38076-079D-4769-967E-14BA49BA1E96}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C0821682-FF47-44BD-9242-4246BEA4D849}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C33255C1-8D6F-45D0-B908-D314468EB560}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C34CBC62-5C70-4D58-9E6D-901DA8191E0A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{CC1AF3A5-22AA-4E1D-9E8E-7F27C616E9BC}" = lport=139 | protocol=6 | dir=in | app=system |
"{CEF8FCD6-A713-4B22-9FA9-DB12743A2708}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2A224B4-C3E7-4218-8978-F6C941126416}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{DE1FFA90-4702-48A5-9DD0-79F99DFBA3E9}" = rport=445 | protocol=6 | dir=out | app=system |
"{E01E1AD7-E65B-4111-887F-AA787B09B489}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{F119C8F4-7D3F-4DEA-8638-945D78EFFB5F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F246141A-C35F-497A-8997-DD33B1A65DD3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{F3299F30-35C4-4816-8491-664EFB2A248D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{F419C372-82B7-4505-85E9-67F8597D6750}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A07731-1CB2-4546-BB10-5778E2CC54BD}" = protocol=58 | dir=out | [email protected],-28546 |
"{01E6A81C-ABC1-4225-A6EF-04E996FB87DD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{03C9749D-1A74-42F7-8F3A-1C56AF087A77}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{05F6F3EF-B25C-4001-8372-FE26E6D1B328}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0D338F03-D74F-48E1-A0D5-CC03EA4C5985}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{12B2D499-6826-4A71-8118-1CCB6340E927}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1350FF53-F2D0-4074-8FF7-1DEA4CCBDC72}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{16BC0068-3EC5-4FBC-BB52-D0A24986A9B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1765C68A-D8F6-4453-A4DD-15638B604C35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1974EA75-B4C7-4083-94BB-FF9660EC3347}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{199FA715-6127-466A-9070-8EBFC710E254}" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"{1B6C9EB6-3889-4694-8E72-AFFC6DF64B5B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1ED18757-2535-4D9A-9AED-2B04E86AC216}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1F91FEDE-7447-4864-873C-C8A754DC2D41}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{214AD21E-58FB-4D34-BE80-65799DC6DBA2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{22BC3807-5BB9-4BE2-B896-FDFCF8A0549C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2B2C4DA4-C08D-4361-B7C1-553A8D7633CF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2B594F9C-F2E3-468C-A6E9-813F34F36858}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2B6CCB26-F52C-47B9-BD6E-264CE7192E88}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2CFEF947-1DA2-4ED1-B5EA-F2F2C5870B96}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2DC01FA0-2B09-4A28-9FAF-1D32B660956C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2F6C7CA9-8F0E-4AB6-BE28-16A3D69250D8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3053DA8B-FEE1-42A7-AB36-AB79A7A296CD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{327D36A0-4879-4D08-BFA6-29DC8F29A271}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{32BCEC29-76CE-4C4C-BA4B-F555296E4CE6}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{35ECDF05-455C-4D07-93FB-F0C6795E30D3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{38DEEC01-9F18-4223-BD8D-54E77A48F060}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{395A8243-6392-4AB1-8F30-23B9B8AD42B6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3A6557C7-5F7F-4D7C-87B5-0118B6A2749B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3B3E309E-5DED-4720-AEE8-F411B420D194}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3F331E9C-7E90-4E45-8216-0D4EF25A13BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4516C0BE-B643-4654-89B3-313222BBA99B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{4D78A337-D4CD-47E4-8603-A2CB62F10ACD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4E22F028-5DC4-40C9-9483-E02DAE0A3634}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{5BC58A37-88F1-48D7-8BE5-98236F326965}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{62ABF5E0-BDDF-4DCF-82C5-C1CA42844494}" = protocol=1 | dir=out | [email protected],-28544 |
"{62DAD364-9054-4450-8B64-1E97F59A49D1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{63717CAC-D251-471B-9795-6D4C83A0759F}" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"{64159568-4996-4C5C-B2F8-C153B9DD8E21}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{65A7BB12-7585-4C86-BE8E-947EA4095A6D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{66CC07F9-1B48-4D9A-96EB-E2A15D79CBA4}" = protocol=58 | dir=in | [email protected],-28545 |
"{67E71EF6-5216-4E36-8AAD-C82BC9C8DDD2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6B5B1878-9DB3-4FC0-8436-E2FFEE0804BC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{72BF7C3D-E137-458A-B1DF-2CAAF1754707}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7CEED379-D9E4-4E83-A5CF-752EE259FC23}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8256F643-F088-4494-9AB4-51EF8E1ABB4C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{828B8549-3607-4CF0-8ED9-9F2646C28851}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8790D7AE-E903-4B57-ADA0-60955239934B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{896D062A-72CA-411E-82F8-DD9F44C3A5C8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8A40C410-82AB-416E-93F9-74924ECF373F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8F09D557-1F93-4AA7-80EC-00714D5806C8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{93FFC8E6-ED48-4340-9B36-C42362758C26}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{977244DC-0C6F-4602-9E5D-F53F4137696A}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{9785128D-7197-454C-A394-6E75F619F139}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9B435993-115D-45CD-B669-9761329A4F61}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9F496A76-713D-425A-82D5-EB67762B92B2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A57E98A6-28E9-46A1-A86E-CCE6F369AC46}" = protocol=1 | dir=in | [email protected],-28543 |
"{BD3AD72D-AD66-4BC5-B5C7-158B28187303}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BD71DF3B-17F0-4E2F-84D0-8DC7400F309C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BE223DE9-77E2-4EB5-B7B8-F1FBD3A03DFE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BF98866C-8C3E-4E0D-BFE5-84FE01CF1099}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C1085424-F309-4DB2-B7F9-C6EB971C435E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C48AA3D5-CC50-4098-B2A1-48864B1A3983}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C4A70EEA-9B51-4FBD-91BE-C501AA8F57EB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CEC38892-4512-4493-B630-51164B73880F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D5D3C99E-3191-4F7A-A170-A92E6C978037}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D99B69B9-B5A0-49E4-9E36-8047A9571813}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DBF0783D-97E1-4E16-BC3A-83D588851CB7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DC998ED8-A436-4326-AD09-D6A441C83B30}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DD69FB53-043D-402B-BFF0-13172CB96341}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DDB79537-BE1B-49D8-9E35-865252F6818E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E5D4E461-057A-41BF-AEB7-F4B282A036A4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E7793006-414A-4E38-8467-8E47A481554D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EA33BD6B-189B-4E5A-A6F2-04DD8A45563E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EB2EB383-EF02-4973-A584-EEEC66DEA6F0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EC7B4A3E-AA2A-4594-95F3-4C7E37C30462}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EC8731B5-C2C8-4479-924A-4706B3B4AD91}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F238082B-3978-480D-B122-CF2A1C1231A2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FF0635DB-56BC-4877-8290-5C502437DB20}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{1544212A-5ED7-4EB2-B06E-5D68447B161B}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{5485E9CA-106F-40F8-99EC-0C774915ED1B}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{5CA3D98C-D8F7-4CD4-A16A-9B8DF6239C6C}C:\program files\myspace\im\myspaceim.exe" = protocol=6 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"TCP Query User{67F4FFF4-5EF8-4E2A-8E3F-E330D6638C91}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{6DD88675-202C-4040-BEB8-509221479A37}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{95F8C3CC-5D8A-413A-83AA-48D00CF8436B}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{AE85D338-7019-4E16-89F5-5AF494410925}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B1690D74-F4B2-4948-9538-C7457FE74BCB}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{B87F3D8F-BC65-4FA3-8335-A89B3C534403}C:\users\user\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\imvuclient\1vivoxvoice.exe |
"TCP Query User{DA1C75A8-461C-4035-923E-152B86F1DFC8}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{E2EC4F3B-CCA5-466E-8C86-2F7280FECD2C}C:\program files\myspace\im\myspaceim.exe" = protocol=6 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"TCP Query User{E8E30184-51A0-41E9-B35D-F3421B4EA655}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{04C5E2F7-245A-4D9A-A1B8-6E72CDD24121}C:\program files\myspace\im\myspaceim.exe" = protocol=17 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"UDP Query User{13C44334-A15C-4B45-AEF0-39FBECB7E0F5}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{24646A1F-146C-4B52-9763-0437E0039D56}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{503BEC88-6FCC-4883-ACD3-AF45601228E7}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{66E8A740-BC4D-417A-9FBE-CDBB7BB627C8}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{67F6E8EC-6728-4923-A60B-84875D869945}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{6BDD503E-5F85-4C93-8567-E521EEECA216}C:\program files\myspace\im\myspaceim.exe" = protocol=17 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"UDP Query User{6C1D82C4-7F81-4EE8-9B6A-1AE3FD35ACD1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{700029BC-D67A-43F4-9F3D-9F637E4FB1BE}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9636CAB3-D399-4E56-9CBD-705F36D524E9}C:\users\user\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{F71A6432-8647-48DD-9DE2-81780A0DC9C0}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{FB8E7FD8-0B11-48F2-944D-B9F462BD118A}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 10
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44D21B77-D4FC-49E8-A726-CD00D5016703}" = DBsign Web Signer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A712D29-DBE3-4381-A331-AF4AE5BEB244}" = ArcSoft Software Suite
"{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}" = TSP_CODEC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA47D951-588B-48A5-8183-21C44B1EA6EA}" = VRWriter4
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}" = InterVideo FilterSDK for Panasonic
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E045A5E3-0FC6-4AC2-BBE3-C49D68BA54DA}" = MotionSD STUDIO 1.3E
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}" = USB PC Camera (SN9C103)
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = GE MiniCam Pro
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Aimersoft Video Converter_is1" = Aimersoft Video Converter(Build 1.1.52)
"Ares" = Ares 2.1.1
"Ask Toolbar_is1" = Vuze Toolbar
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"IrfanView" = IrfanView (remove only)
"KC Softwares VideoInspector_is1" = KC Softwares VideoInspector
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Basic)
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MWSnap 3" = MWSnap 3
"MySpaceIM" = MySpaceIM
"NVIDIA Drivers" = NVIDIA Drivers
"Palringo" = Palringo
"Photo Viewer_is1" = Uninstall Photo Viewer
"Picasa2" = Picasa 2
"Polarity" = Polarity
"Pro Media Director_is1" = Pro Media Director Version 2.0.0.1
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"SmartAudio" = SmartAudio
"Sony Digital Voice Editor 3" = Sony Digital Voice Editor 3
"ST6UNST #1" = NavFit98A
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4149202785-989440042-3916684815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"FileZilla Client" = FileZilla Client 3.3.0
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 8/23/2010 4:22:32 PM | Computer Name = user-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\user\Music\iTunes\iTunes Library Extras.itdb failed, 00000005.
[ Application Events ]
Error - 7/22/2009 9:27:06 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =
Error - 7/22/2009 10:27:06 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =
Error - 7/22/2009 11:27:06 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =
Error - 7/22/2009 11:35:32 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application FreeAgentService.exe, version 4.7.0.1, time stamp
0x4907a2dc, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0x96c, application start time
0x01ca0ac893c6174e.
Error - 7/23/2009 1:27:06 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =
Error - 7/25/2009 9:27:05 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =
Error - 7/25/2009 10:27:06 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =
Error - 8/2/2009 2:07:26 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application FreeAgentService.exe, version 4.7.0.1, time stamp
0x4907a2dc, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0x98c, application start time
0x01ca1397e1d645aa.
Error - 8/4/2009 3:23:02 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application FreeAgentService.exe, version 4.7.0.1, time stamp
0x4907a2dc, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0x978, application start time
0x01ca14d03968b1c1.
Error - 8/4/2009 7:27:06 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =
[ Media Center Events ]
Error - 11/8/2008 10:57:51 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 5/8/2009 8:15:47 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
[ OSession Events ]
Error - 7/5/2008 4:17:08 PM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 879
seconds with 720 seconds of active time. This session ended with a crash.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
MALWAREBYTES FILE:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6569
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904
5/13/2011 10:54:32 PM
mbam-log-2011-05-13 (22-54-32).txt
Scan type: Full scan (C:\|)
Objects scanned: 392528
Time elapsed: 1 hour(s), 41 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\$RECYCLE.BIN\s-1-5-21-4149202785-989440042-3916684815-1000\$R0V4BZT.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
EDIT/UPDATE:
Additionally, some pages only partially load (like eBay, Yahoo, etc...). What I mean is lots of graphics look like broken links or the site pops up as if it's a low bandwidth version (mobile version) of the site... I'm sure it's just a partial load but it's what it looks like to me. I've done a speed test and I'm getting great transfer rates. I've also noticed I am getting more caught up in what it affects... while it was hitting me on some secure sites, now it's almost all of them. If I click reload sometimes the site will come up, sometimes it'll just say site unavailable over and over. Is this a common issue? I think I've had too many years malware free and now it's coming back to collect all the time those sneaky little buggers lost on me. Thanks in advance for any help.
Edited by cato1978, 14 May 2011 - 09:11 AM.