Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vista logon process failed, blue screens at welcome screen

Started by Ross Richey , Sep 11 2011 07:17 AM

  • Please log in to reply

#1
Ross Richey
Posted 11 September 2011 - 07:17 AM

Ross Richey

    New Member

  • Member
  • Pip
  • 1 posts
Yesterday I got hit by what seems to be a virus. I shut my computer off after using it, and everything seemed fine. I went to turn it back on, and it said the computer did not shut down properly. I tried to log in anyway, and nothing at all would run. I went into safe mode, ran an AVG scan and Malwarebytes, and neither found anything. I deleted AVG and downloaded Avast, and it found nothing also. I thought maybe it was okay, and I restarted the computer to boot up in regular mode. I again was stopped at the welcome screen, after trying to logon to my admin account. I waited for 4 minutes for the Welcome screen to go away and load my desktop, but it never did. Instead it sent me to the blue screen of death, and gave me a KERNEL_DATA_INPAGE_ERROR instead. I'm not sure what to do now.

Here's my OTL log, as requested from the requirements to start a topic in here. Thank you to anyone that can help.

OTL Extras logfile created on: 9/11/2011 9:11:05 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Steve\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.91 Gb Available Physical Memory | 82.35% Memory free
12.05 Gb Paging File | 11.20 Gb Available in Paging File | 92.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.78 Gb Total Space | 377.16 Gb Free Space | 83.48% Space Free | Partition Type: NTFS
Drive D: | 13.98 Gb Total Space | 2.07 Gb Free Space | 14.81% Space Free | Partition Type: NTFS

Computer Name: ROSSCOMPUTRA | User Name: Steve | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = E8 7A 8D 47 2E 75 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ACC6AE8-F442-454C-A12D-B00CEBD2C60E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D8CF894-9A6B-48B5-9C1F-6F4885A45D2A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{281ACDBD-4FFF-434B-ADEB-7DDCA4508EC6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E5B131D-2E26-45FB-98F2-D2DB87F84A15}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{39F7A70E-A25B-411C-97EA-63A12281317C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{402CA084-6716-4D61-A9D4-CA36A8307C87}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C031224-4C69-45F6-BB0B-D2664E5EFC1B}" = rport=10244 | protocol=6 | dir=out | app=system |
"{514AC75C-C634-4386-8D00-4E8BF2A316A4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53651DC8-7DC6-4E18-AB57-91D98C7272C2}" = lport=3390 | protocol=6 | dir=in | app=system |
"{6396A6B8-00CE-44F9-BD42-68074B11E851}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{65FE46F0-877E-454B-BDA1-22228A0103BC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{664CC894-EAA6-42B9-B7B0-E8BF465F8F43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6ED0A018-FB69-4D21-8127-2FF07E4EB285}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78AAD68A-E25C-452E-9CDC-B4BB250276BD}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{7D47B325-26F1-43CE-8F27-69E0F09CE997}" = rport=10243 | protocol=6 | dir=out | app=system |
"{845CBC7B-FE0F-49DF-B1FA-DAEBB90BE705}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{868262FD-7F24-4A3F-86B6-AD26D56D3235}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{884E1AF1-93BA-4F98-B5D2-7EEC9D9B7E9D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98180019-F365-4C6B-841C-0CEE2C853B25}" = lport=10244 | protocol=6 | dir=in | app=system |
"{9A75D33C-667E-4D77-998E-D5081A26FA81}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9E333028-3C9A-424A-B98E-810C72E72DED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A77549A6-950D-47ED-8FC8-E72739BA5A17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2483231-3F59-425F-B0BC-9372CFDD6E9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B42CB7C2-689F-47A6-B57A-15E69F03A601}" = lport=3390 | protocol=6 | dir=in | app=system |
"{BE1C0ACE-3D34-480C-BC2A-B7E369E8AB50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C75DFD7F-3BB7-4D2D-B70C-9F092BDE6449}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8F13E7B-8622-4741-AF17-2BBB51221F57}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C9535616-8649-440F-92A5-A76DF5C74CDA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CC5AF096-A82C-4073-80B1-FC6B833254B6}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D91D08B2-A665-4DA9-BCC9-C170DC3718CB}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E870AE89-C653-4947-809F-7F460CEE14E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1E88E22-361C-440C-8BF3-5AF7088A68B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F88E0B7A-1C74-4728-9B44-07DE91673C0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBEB8F10-D11E-4331-AEAB-8825086B83E6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE41CAE7-3C12-4BE6-BE32-2827275E5A71}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0071674A-02F2-4306-89FE-C3A487339C5D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{00D35D91-1CDE-4576-AC4D-1B259FEC241C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{042FC97A-7F6A-41F5-9F74-7B0B272862EB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{04DF3BFB-7A63-4951-8B6D-32A7CD77CD92}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{0BDAC4FF-583C-4645-8BE7-CDBC202873F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{13A8790A-14D4-4EA6-94E6-55AB0DF325AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A7A1ABF-1940-484D-9145-02F5E33844EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{22693E75-15A3-4D40-8A4A-ED9FEE18593F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{242172C2-D785-4E09-A433-DC441F98D3A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2562C894-761B-42F3-A32A-CCE070D6427E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2AA22644-21A8-4EE5-BF21-38555AC39855}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{2B83D782-24A9-48CD-9EF2-4B94BE74F28F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{2CF095A9-A7A1-4DBF-AEEA-9316F302D324}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{2EB116B0-7A5C-4178-990B-DB8CD10F2913}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2EEEA6B3-E8FE-461E-8751-D71BD9720753}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{2F134BEC-D91D-436F-9582-B1204DF02165}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2FDFDB57-4B43-4A88-91DA-6E8DDBB7EEA3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{304C2BE3-D5CC-48FE-A67C-2198564D633C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{38EA2864-8583-4770-8448-C536306BD0A3}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{394077FD-E740-4317-9EB4-B5254E516FBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39EDF741-055C-4DAC-A6D1-24A954A7B4B8}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{42AE5481-2968-426B-B584-E6D59DCFE260}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{44DDC673-E027-4DF1-B28C-C0DF6A8C7D25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{54642FF7-24B2-4F61-9D50-7F2F3782A0E4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{6502E49A-1ECA-438C-AE90-3B70BE82F389}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{746DB167-D2B9-418E-99A0-E6ECF6E9FAEE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{7AAABDF1-4540-4E22-B8B2-BA7B2387D449}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8477220A-2CFF-44F4-9DAE-FAB530AB5ED7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{89B64D44-162C-43B2-9E4C-FD9FD55D5D5A}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{912E7C95-D5DF-4E41-8070-D09B7C8C0914}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{9195DF4E-D520-4331-80AE-483CD74F1BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{9299A380-929B-4628-AC39-9F79C379FB51}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{949E5569-2371-4FDA-85ED-E53B65FFA2BF}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{98620A56-CFC1-4590-B40B-A0D4FAF978E3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A1A4BFB5-0670-4AB7-A03F-C3D20A72DBA7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A2A8A7F9-3B8E-49B4-81C1-6F761EB47FAC}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{ABF1E7AC-01D4-4307-8C5B-8BEED8F47B45}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABFECE4B-2349-40F8-9646-62C92AE9A84C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B3B6821B-2B70-4B96-B650-575131376A23}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{B6BDB3FE-D42C-4A1A-A685-1959B800AF71}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{BCF47E46-F9A0-4297-8BF4-04D54F03AB0E}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{BDEFC943-01D3-4C6F-860D-5F574952EA4C}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C24314BB-28D7-4549-A712-2EE5B2C9724B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{C54FC77D-D491-4A91-AB04-6C3520B86C76}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C6F39B38-DA1E-4965-92A1-870C214A04F3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{C8138418-CC16-44CB-A406-9A587A2ABD97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8B3CD39-E8B4-473C-84CB-72B5CC492BD4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB7A3FAE-C321-4378-A5F5-7B7E3CC898E2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CE0EE75E-1F0F-464A-8F20-163E6EA422FA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D1B4CE66-2150-48E6-9CD3-71351BD15CDA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D28EA1B7-AC04-4936-8B9C-5EFE2337A6E6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D36BBEE4-1C9E-4561-A07B-1BFCFA109C23}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{D40509B1-66D1-40DC-B397-297C49850B89}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D6A583E1-7BCF-4C43-93CB-362598A302B9}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{D8F5B43B-5A29-4A19-81DE-E93EDBB5167D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D904ECFE-5681-49E9-BD96-A6F92D38C54B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DB974CAE-F6B0-4B5A-B69E-DD54B12098A5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DFEF356E-7B7D-40EE-93B8-95E999EAB0B2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{E15B8D42-BC3E-49F5-AE3B-C1AAED02FD13}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{E4FC704E-0868-4AE5-965B-A66D1A51DEE7}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{E6365B58-A1A0-4270-8A98-5A468CDB80EF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{ECC2143C-F486-4029-97E9-BE8C646C7FC1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{F4477E72-9377-43C0-8EAC-97AE74754158}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F4DA142D-10D2-4256-92A6-BF278DA4FFAE}" = protocol=6 | dir=out | app=system |
"{F98AE581-6B42-42FD-9261-55D17A10B4EE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{35B8601E-0883-430B-A183-DE0635D6E60E}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"TCP Query User{5C085E4E-6125-411B-8C94-6992E3B0C3FF}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{5C25D4C5-E1FA-4F14-9586-CE92281884A0}C:\program files (x86)\byond\bin\byond.exe" = protocol=6 | dir=in | app=c:\program files (x86)\byond\bin\byond.exe |
"TCP Query User{A2CBF86D-418D-4756-BEB3-CA15AB535A5D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{AA9F3B76-42D8-4A3F-BE61-4EBC71A3DF59}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{AFC4B7B7-EFF1-439A-AA45-E1AD60F4948B}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{C59E1BB1-6464-4EC1-B32A-2A53254CE913}C:\users\steve\downloads\tinyumbrella-4.21.01.exe" = protocol=6 | dir=in | app=c:\users\steve\downloads\tinyumbrella-4.21.01.exe |
"TCP Query User{E23F90F1-1891-471A-A387-FCCA6E800666}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{EB11F0F7-83B6-4739-8913-D0148EFE481B}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{F8742922-2B88-416E-956B-2E6F533E8B0B}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{1FF37FB7-6863-4F30-BE2B-3049F7BDEB13}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{2848A050-12F2-4944-9CCE-E20F63A82C28}C:\users\steve\downloads\tinyumbrella-4.21.01.exe" = protocol=17 | dir=in | app=c:\users\steve\downloads\tinyumbrella-4.21.01.exe |
"UDP Query User{39CA5FA1-C833-4D97-A578-DADE230E4EA1}C:\program files (x86)\byond\bin\byond.exe" = protocol=17 | dir=in | app=c:\program files (x86)\byond\bin\byond.exe |
"UDP Query User{4EB5894D-15FC-4AFE-8413-AFA921863F04}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{60ABF131-BE2B-44BF-8098-923E99079932}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{739DF506-BE3B-47FB-8D48-9BF925435858}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{A60A9DF3-232A-4AED-B8E5-6BA0CA15532E}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"UDP Query User{B8FE4BB2-3E1E-492D-AE17-5A76AA270281}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{DCB7B0E3-38A0-4903-836B-31F444F92807}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{E226A13B-7957-484C-8EF9-CAC3ACEBE4C4}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB8079C-2F30-3A6E-A76A-9758C4F1CD21}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62577E41-C350-3D07-97C8-2B6CDB4BAD60}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"B30ECD0209A21D638611F893829C8AF3A483A302" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{090C5B5F-5854-445E-90C0-41C4128C84FD}" = Verizon Wireless Software Upgrade Assistant - Samsung
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21AFD9CF-046A-41F1-9A6E-EE48483DA864}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8427F2DB-5833-4DBB-AFE9-D5358B6DF32F}" = League of Legends
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Actual Windows Minimizer_is1" = Actual Window Minimizer 6.5.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.1.0
"avast" = avast! Free Antivirus
"Free File Opener_is1" = Free File Opener v2011.6.0.4
"Free RAR Extract Frog" = Free RAR Extract Frog
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"Mozilla Firefox 4.0b7 (x86 en-US)" = Mozilla Firefox 4.0b7 (x86 en-US)
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"Opera 11.51.1087" = Opera 11.51
"Panopreter_is1" = Panopreter
"RealPlayer 12.0" = RealPlayer
"Scratch" = Scratch
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/10/2010 11:27:25 PM | Computer Name = RossComputra | Source = Windows Search Service | ID = 3013
Description =

Error - 9/11/2010 10:26:55 AM | Computer Name = RossComputra | Source = WinMgmt | ID = 10
Description =

Error - 9/11/2010 11:33:30 AM | Computer Name = RossComputra | Source = WinMgmt | ID = 10
Description =

Error - 9/11/2010 12:01:05 PM | Computer Name = RossComputra | Source = WinMgmt | ID = 10
Description =

Error - 9/11/2010 12:17:39 PM | Computer Name = RossComputra | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/13/2010 2:53:52 PM | Computer Name = RossComputra | Source = WinMgmt | ID = 10
Description =

Error - 9/14/2010 11:17:35 AM | Computer Name = RossComputra | Source = WinMgmt | ID = 10
Description =

Error - 9/14/2010 8:34:33 PM | Computer Name = RossComputra | Source = WinMgmt | ID = 10
Description =

Error - 9/15/2010 2:23:52 PM | Computer Name = RossComputra | Source = WinMgmt | ID = 10
Description =

Error - 9/15/2010 3:06:28 PM | Computer Name = RossComputra | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/11/2011 8:57:11 AM | Computer Name = RossComputra | Source = LSM | ID = 1048
Description =

Error - 9/11/2011 8:57:20 AM | Computer Name = RossComputra | Source = DCOM | ID = 10005
Description =

Error - 9/11/2011 8:57:30 AM | Computer Name = RossComputra | Source = DCOM | ID = 10005
Description =

Error - 9/11/2011 8:57:37 AM | Computer Name = RossComputra | Source = DCOM | ID = 10005
Description =

Error - 9/11/2011 8:57:38 AM | Computer Name = RossComputra | Source = DCOM | ID = 10005
Description =

Error - 9/11/2011 8:58:27 AM | Computer Name = RossComputra | Source = Service Control Manager | ID = 7001
Description =

Error - 9/11/2011 8:58:27 AM | Computer Name = RossComputra | Source = Service Control Manager | ID = 7001
Description =

Error - 9/11/2011 8:58:27 AM | Computer Name = RossComputra | Source = Service Control Manager | ID = 7001
Description =

Error - 9/11/2011 8:58:27 AM | Computer Name = RossComputra | Source = Service Control Manager | ID = 7026
Description =

Error - 9/11/2011 8:59:11 AM | Computer Name = RossComputra | Source = Service Control Manager | ID = 7001
Description =


< End of report >


OTL logfile created on: 9/11/2011 9:11:05 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Steve\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.91 Gb Available Physical Memory | 82.35% Memory free
12.05 Gb Paging File | 11.20 Gb Available in Paging File | 92.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.78 Gb Total Space | 377.16 Gb Free Space | 83.48% Space Free | Partition Type: NTFS
Drive D: | 13.98 Gb Total Space | 2.07 Gb Free Space | 14.81% Space Free | Partition Type: NTFS

Computer Name: ROSSCOMPUTRA | User Name: Steve | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/11 09:10:51 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2011/09/01 22:10:53 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/15 08:51:05 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/07/16 15:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/21 23:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 15:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 12:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/09 18:14:02 | 000,296,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/02/09 18:14:02 | 000,116,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/09/23 15:18:52 | 000,365,904 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/24 19:10:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ActionReplayDS_x64.sys -- (ActionReplayDS)
DRV:64bit: - [2010/09/07 16:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/26 22:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 22:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV:64bit: - [2010/04/26 22:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010/04/26 22:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/21 23:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/11/21 22:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/08/01 09:00:32 | 000,145,408 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AESTAu64.sys -- (AESTAud)
DRV:64bit: - [2008/07/22 11:42:34 | 000,170,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/07/21 06:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/04/28 21:55:32 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2006/11/10 09:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/09/26 05:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2005/01/02 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.mywebsea...AYkuCG0mEQojGfw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "H3CZ Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google (SSL)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/10 23:22:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2011/08/15 14:16:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins [2011/09/05 12:09:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/09 22:55:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/05 12:09:13 | 000,000,000 | ---D | M]

[2009/10/05 17:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\mozilla\Extensions
[2009/09/08 20:14:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/09/05 11:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\mozilla\Firefox\Profiles\i0185q78.default\extensions
[2011/08/22 16:00:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steve\AppData\Roaming\mozilla\Firefox\Profiles\i0185q78.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/29 16:39:19 | 000,002,523 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\i0185q78.default\searchplugins\google-ssl.xml
[2011/09/05 12:08:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/15 19:00:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/03 16:26:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/08 00:23:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/03 18:57:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/15 21:36:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/13 00:05:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
() (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I0185Q78.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2009/09/21 17:13:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/09 22:55:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/12/01 17:51:43 | 000,000,789 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF6E039F-8812-49D9-8155-4B5EDD4B4032}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF14BC1C-DAB0-4BFD-99C2-1612C03544C1}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Steve\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steve\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{66588b15-9849-11e0-b7b8-00235a3fdfbe}\Shell - "" = AutoRun
O33 - MountPoints2\{66588b15-9849-11e0-b7b8-00235a3fdfbe}\Shell\AutoRun\command - "" = G:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/11 09:10:50 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2011/09/10 23:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/10 23:22:29 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/10 23:22:29 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/09/10 23:22:27 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/10 23:22:26 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/10 23:22:26 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/10 23:22:25 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/10 23:22:24 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/09/10 23:22:12 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/10 23:22:11 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/10 23:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/09/10 23:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/10 23:17:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/10 21:25:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/09/08 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/09/08 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/09/08 20:49:14 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Visual Studio 2008
[2011/09/08 20:49:08 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Microsoft Help
[2011/09/08 20:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011/09/08 20:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2011/09/08 20:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/09/08 20:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008
[2011/09/08 20:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011/09/05 12:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/09/05 12:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/05 12:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/05 12:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/28 10:41:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\BYOND
[2011/08/28 10:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BYOND
[2011/08/28 10:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BYOND
[2011/08/26 20:18:23 | 000,000,000 | ---D | C] -- C:\Users\Steve\Pokemon Online
[2011/08/15 14:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/15 14:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[1 C:\Users\Steve\AppData\Local\*.tmp files -> C:\Users\Steve\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/11 09:10:51 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2011/09/11 09:06:36 | 000,000,732 | ---- | M] () -- C:\Users\Steve\AppData\Local\d3d9caps64.dat
[2011/09/11 09:01:18 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/11 09:01:18 | 000,603,516 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/11 09:01:18 | 000,103,586 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/11 08:57:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/11 08:56:40 | 471,000,756 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/11 08:55:10 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/11 08:54:59 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/11 00:23:11 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/11 00:07:29 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/10 23:22:30 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/10 23:22:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/09/10 21:22:26 | 000,000,000 | ---- | M] () -- C:\Users\Steve\AppData\Local\{E610CFAD-40A8-402D-AF94-AA8D23D4F043}
[2011/09/10 11:13:26 | 000,000,008 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\DofusAppId0_1
[2011/09/10 11:13:06 | 000,000,169 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\D2Info0
[2011/09/10 08:49:20 | 000,000,000 | ---- | M] () -- C:\Users\Steve\AppData\Local\prvlcl.dat
[2011/09/08 20:31:10 | 134,609,782 | ---- | M] () -- C:\Users\Steve\Desktop\VS2008.iso
[2011/09/06 16:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 16:45:17 | 000,254,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/09/06 16:38:18 | 000,601,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/06 16:38:16 | 000,301,912 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/06 16:36:41 | 000,058,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/06 16:36:41 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/06 16:36:30 | 000,065,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/06 16:36:14 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/09/05 12:18:43 | 000,001,672 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2011/09/05 12:01:13 | 000,001,654 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/05 11:57:00 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2011/09/02 17:39:03 | 000,000,008 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\DofusAppId0_2
[2011/08/25 20:41:05 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSteve.job
[2011/08/17 15:57:56 | 000,000,008 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\DofusAppId0_4
[2011/08/17 10:46:35 | 000,000,008 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\DofusAppId0_3
[2011/08/15 14:16:12 | 000,001,716 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Users\Steve\AppData\Local\*.tmp files -> C:\Users\Steve\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/10 23:46:17 | 471,000,756 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/10 23:22:30 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/10 23:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/09/10 21:22:26 | 000,000,000 | ---- | C] () -- C:\Users\Steve\AppData\Local\{E610CFAD-40A8-402D-AF94-AA8D23D4F043}
[2011/09/08 20:49:10 | 000,001,266 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
[2011/09/08 20:28:03 | 134,609,782 | ---- | C] () -- C:\Users\Steve\Desktop\VS2008.iso
[2011/09/05 12:18:43 | 000,001,672 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2011/09/05 12:01:13 | 000,001,654 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/15 14:16:12 | 000,001,716 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/11/07 00:11:37 | 000,000,732 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps64.dat
[2010/09/23 21:10:40 | 000,000,008 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\DofusAppId0_5
[2010/07/16 23:20:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/10 14:23:19 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/07/02 16:07:04 | 000,000,000 | ---- | C] () -- C:\Users\Steve\AppData\Local\prvlcl.dat
[2010/06/23 01:25:42 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/06/23 01:25:42 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/06/23 01:25:42 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/06/15 20:54:07 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2010/03/14 22:20:03 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/08 20:15:05 | 000,000,008 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\DofusAppId0_4
[2009/12/03 14:59:40 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 14:59:11 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 14:58:41 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/02 17:07:55 | 000,000,008 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\DofusAppId0_3
[2009/12/02 15:53:12 | 000,000,008 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\DofusAppId0_2
[2009/12/02 15:52:02 | 000,000,169 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\D2Info0
[2009/12/02 15:52:02 | 000,000,008 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\DofusAppId0_1
[2009/11/25 18:23:49 | 000,000,008 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\DofusAppId3_3
[2009/11/25 18:16:43 | 000,000,008 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\DofusAppId3_2
[2009/11/20 18:20:57 | 000,000,181 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\D2Info3
[2009/11/20 18:20:57 | 000,000,008 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\DofusAppId3_1
[2009/09/14 16:23:16 | 000,051,200 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 16:52:52 | 000,000,680 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2009/09/02 02:38:50 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/02 01:04:05 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/10/20 02:23:03 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/10/20 01:53:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/04/20 17:05:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\.minecraft
[2009/11/14 21:32:12 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\acccore
[2010/07/07 21:19:24 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Actual Tools
[2010/07/10 10:21:44 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AnvSoft
[2009/12/02 15:52:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\app
[2010/11/16 16:35:34 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Audacity
[2010/10/24 12:14:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AVG10
[2010/03/03 15:31:17 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BitZipper
[2011/07/31 01:58:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dofus 2
[2010/10/24 20:01:26 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/10/24 19:09:47 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/10/28 20:27:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/10/30 22:58:47 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dofus-5.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/10/24 19:17:41 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/03/15 22:20:48 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FiDo
[2009/11/15 11:44:37 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FMZilla
[2011/04/13 18:54:44 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FreeAudioPack
[2011/02/24 17:49:24 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FreeFileOpener
[2010/04/30 20:47:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
[2009/09/04 20:38:07 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\iWin
[2010/03/15 22:20:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\LeapingBrain
[2010/03/02 21:25:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Leawo
[2010/11/11 16:47:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\LolClient
[2010/08/17 02:20:41 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ManyCam
[2010/06/16 01:00:15 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\NCH Swift Sound
[2010/12/15 17:10:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OpenOffice.org
[2010/06/05 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Opera
[2011/05/21 19:14:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Philipp Winterberg
[2009/12/02 15:52:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/09/01 00:10:03 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uTorrent
[2009/09/02 01:01:49 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WildTangent
[2010/05/25 15:04:03 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WinBatch
[2010/03/14 22:31:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Xilisoft Corporation
[2011/09/10 21:37:05 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:0CE7F3C9
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP