He was able to download the most recent MBAM and run it, but it didn't help much. Then he was no longer able to use a browser, so here we are.
We ran RogueKiller and got the following results:
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User: Drew [Admin rights]
Mode: Scan -- Date : 12/22/2011 21:00:17
¤¤¤ Bad processes: 1 ¤¤¤
[WINDOW : Vista Antivirus 2012] tvd.exe -- C:\Users\Drew\AppData\Local\tvd.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 12 ¤¤¤
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Users\Drew\AppData\Local\tvd.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe\shell\open\command : ("C:\Users\Drew\AppData\Local\tvd.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\.exe : (O50) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Users\Drew\AppData\Local\tvd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Users\Drew\AppData\Local\tvd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Users\Drew\AppData\Local\tvd.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] b5aee0d55464694b51f9a287c42e8ae5
[BSP] 8d527f0925c429137dfa00addcf14190 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 41 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 81920 | Size: 115343 Mo
2 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 225361920 | Size: 134672 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
Then ran OTL and got the following results:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT
And the Extras file:
OTL Extras logfile created on: 12/22/2011 9:02:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = H:\Computer Recovery
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.83% Memory free
4.24 Gb Paging File | 3.77 Gb Available in Paging File | 88.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 125.42 Gb Total Space | 26.09 Gb Free Space | 20.80% Space Free | Partition Type: NTFS
Drive D: | 107.42 Gb Total Space | 50.94 Gb Free Space | 47.42% Space Free | Partition Type: NTFS
Drive F: | 2.63 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 562.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 479.48 Mb Total Space | 86.11 Mb Free Space | 17.96% Space Free | Partition Type: FAT32
Drive J: | 553.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: JENNIFER-PC | User Name: Drew | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-4121544440-2439384158-1445081869-1001\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.exe [@ = h32] -- C:\Users\Drew\AppData\Local\tvd.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{107B1E4F-C498-44FF-BACA-6C822BE892DB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2400C7D4-286C-4D23-9602-069A5DD3FC89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E9D8F94-A3D0-4D8B-996F-A9A556A2E234}" = rport=138 | protocol=17 | dir=out | app=system |
"{308E460E-7E98-4644-992D-9D6FA630F483}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{31200B81-095C-471A-888C-3FFF2EAF634E}" = rport=139 | protocol=6 | dir=out | app=system |
"{383B7842-08EC-41B6-A10F-2D0B4E58087E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3D9BA907-7CE3-4174-9E4E-56E1EF0D862F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47F7CE97-30BB-46A5-A2AD-7A8B93014420}" = rport=137 | protocol=17 | dir=out | app=system |
"{5058A0E5-3466-4324-8FFD-B003789960CF}" = lport=445 | protocol=6 | dir=in | app=system |
"{61EFAB74-3EDA-4BD5-8855-DBE03FFB9805}" = lport=138 | protocol=17 | dir=in | app=system |
"{6B2179E4-562B-4829-8093-EFFFC3256C69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D19F31E-6B49-49C6-9E56-00815D3E4678}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7F19D398-0D11-47A1-A24D-1D19EB6B51E0}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B73BCC4-3478-4C82-9A26-6DB712EC2621}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AAED4FEA-27E3-4958-8806-E0082763D2F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{D0BA66E6-8ED2-453E-8E2C-2B2303DD9E3E}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6FB9BF2-D722-453B-A7F2-F6BD7CE4DFC3}" = lport=139 | protocol=6 | dir=in | app=system |
"{F9940987-849D-4011-B72F-3F55883B712A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FFEF4A44-1121-4CAC-B1F3-9F604E4012BA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{171EF933-73AB-4A3F-85CB-EDA0F68C9A04}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27547442-E722-4205-8A83-105C151A54FD}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{2922D9F2-9BC7-4033-89DF-16F68366C17E}" = protocol=17 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"{30379607-82B1-4738-807E-9C57BB0AFECB}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{373F6CAA-F152-42C8-9311-89CABF8FC039}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{41A88E1F-2E63-4D5F-9E95-0B7C876E7C56}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{43F93E54-1CC1-475D-A0C9-4C5158D413D8}" = protocol=6 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"{463225C7-F37F-4211-A771-6CC067FF2151}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{486005C2-B217-4CF5-9A94-D07AA42BED4C}" = dir=in | app=d:\pando\pando.exe |
"{5DD30D0A-C9D6-42E9-AF6B-21311E0EBDAB}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{6C29BCBC-29FE-4366-AF71-B03497A76CEF}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{73B41AE4-5CE8-4506-8292-88E865307CEB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{7A2D5FD0-D2AA-4A7D-9AB9-3529FEB1CAAD}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{884A5A61-9F53-4589-A15D-4B15339328A3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A6A78A61-6499-4CBD-B4F6-CC15E51CF5B0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AD3D79E4-258B-49E2-B0CB-0DA0EEE1667C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{AFC07491-670C-466F-A840-BB5CC9E146F7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{C086B451-C521-444B-A7D9-343649F52FDE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{C1FBA363-30FD-47EF-A922-E87926EFDD6D}" = protocol=6 | dir=in | app=d:\pando\pando.exe |
"{C9C8519F-69EC-427A-9D99-00DFBBBB0B1A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{CDE3BD2E-0AEC-4125-8BE7-B03365240BC1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D1F8AAF7-7E38-458C-84BC-667B8143AF6B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D6A0D847-6EC0-43C7-B24F-CC97792EB5D3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{EC0023D8-8101-4E76-BA89-FC6E5D02CBBE}" = dir=in | app=c:\program files\pando networks\pando\pando.exe |
"{ECC7B221-C749-457C-A25F-F798C91F6C40}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{EDC97647-5797-40F3-A01E-3E5B53436AA5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EF3CEC1A-00AD-40CC-BA0A-47D9A433C034}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EFE39407-F996-4536-A24F-EA5741EABA83}" = protocol=17 | dir=in | app=d:\pando\pando.exe |
"{F5E3E64E-304D-45C0-A14E-2720F8DF0165}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{F60356EC-2B87-4210-9524-85887A3AAE4D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{F90A7E2D-E266-40FA-8F62-984D7EBE2AB2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{FAD4386D-870B-4C30-B521-623465B0A745}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"TCP Query User{2AD25724-1FA7-4695-BD65-6A83B4F7F163}C:\program files\belkin\router setup and monitor\belkinsetup.exe" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"TCP Query User{33DA7050-E3FA-4D07-ACA4-1AB6E60BDA65}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{8028D67E-DF24-4BCF-845B-0C6C303D182F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{94BEC674-4FAE-488B-9CDB-5CD0350CD1B0}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{9717CC47-7087-4A73-9705-E6AD63B32C10}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{A000EEDA-C9AD-4D15-8793-C552290EE2FE}D:\operaportabletest\app\opera\opera.exe" = protocol=6 | dir=in | app=d:\operaportabletest\app\opera\opera.exe |
"TCP Query User{A40FA3BB-7143-490C-AEE7-9DC19CA93160}C:\users\drew\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\drew\appdata\roaming\spotify\spotify.exe |
"TCP Query User{BC230E58-76A0-41BD-98EE-C28179FEC02A}D:\operaportabletest\app\opera\opera.exe" = protocol=6 | dir=in | app=d:\operaportabletest\app\opera\opera.exe |
"TCP Query User{CAE235E9-6A45-4B44-8C7D-08593966DF3D}C:\program files\belkin\router setup and monitor\belkinsetup.exe" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"TCP Query User{D6827F54-FDDD-4FBF-AA45-F0AA5C6C288E}C:\program files\belkin\belkin usb print and storage center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |
"TCP Query User{D8D2E309-F45A-4703-ADA2-4A6C8D9BB51F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E31FB489-B473-47A6-827E-7A88C0ABC481}C:\program files\belkin\belkin usb print and storage center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |
"TCP Query User{F77374E2-886B-43EF-80B1-E6204B612FF1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{00C035EF-759D-4C38-986E-8118971BA468}C:\program files\belkin\belkin usb print and storage center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |
"UDP Query User{00F85F63-6F7F-4C0E-8668-209FB94E4EDF}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{506BD867-5438-463E-9F80-0CCA9037FFC6}C:\program files\belkin\router setup and monitor\belkinsetup.exe" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"UDP Query User{76BA7839-1859-4CA1-883D-583E71C9EA98}D:\operaportabletest\app\opera\opera.exe" = protocol=17 | dir=in | app=d:\operaportabletest\app\opera\opera.exe |
"UDP Query User{97D6B7D3-30F0-4B39-AE4A-A0A06F165599}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{99771609-6C8C-4172-99CE-A1CC7967DE35}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A132FD2E-BB52-4644-B9E4-6424B9B36A3B}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{B8D16E90-2838-4585-B651-952D53B9EAF9}C:\users\drew\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\drew\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C031FBF4-C24A-4C8A-AB5E-C6F946FC1CD9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CF9F6801-04AB-4230-86F2-EF378737B4DC}D:\operaportabletest\app\opera\opera.exe" = protocol=17 | dir=in | app=d:\operaportabletest\app\opera\opera.exe |
"UDP Query User{DEDA7549-9067-4BC7-A999-E9025AA35517}C:\program files\belkin\belkin usb print and storage center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |
"UDP Query User{E993DBC4-DEE7-421B-B1A1-91B8750337FE}C:\program files\belkin\router setup and monitor\belkinsetup.exe" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"UDP Query User{EF17E857-39F0-469C-937F-F6E2896C48F0}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{373C7B28-788D-4528-A4AD-86CB960AB615}" = TurningPoint 2008
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}" = Family Tree Maker 2011
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF021F7-37A7-4086-B4F1-D5914925D18B}" = VZAccess Manager
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{574157B0-9D84-49d9-B08B-5296638BF5EE}" = 4300_Help
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{656A70D4-98FD-41F8-B172-575F60C922BB}" = AVG 2011
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6BB2C35F-C2AC-499E-918F-FB63E9A563F9}" = Nitro PDF Professional
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0B2407C-AA1A-4812-85DA-E833D5BC3E97}" = 4300
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D93E970F-5B4B-4BE6-89CB-E46963E3B1E4}" = DupeFree Pro
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.8.320
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}" = HTC Sync
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E1CAE438-DEF7-44C2-A3A9-6915ABF2A732}" = calibre
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EBEAF45A-58C3-44c8-8714-87909EBD6BC2}" = 4300Trb
"{EF9D9FAD-D31E-493B-9A6B-28D56FE4EB8F}" = Zimbra Desktop
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA1162AE-AF27-44A9-9C78-0C46BD44D75F}" = AVG 2011
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Article Editor_is1" = Article Editor v2.0
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.11
"AVG" = AVG 2011
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center
"BN_DesktopReader" = NOOK for PC
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Digital Editions" = Adobe Digital Editions
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FaceOffMax" = Face Off Max
"Family Tree Maker 2011" = Family Tree Maker 2011
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FormatFactory" = FormatFactory 2.70
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript 9.02" = GPL Ghostscript
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HASP4 Device Drivers" = HASP4 Device Drivers
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"HTC_WModemDriver" = WModem Driver Installer
"IrfanView" = IrfanView (remove only)
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.20)" = Mozilla Firefox (3.6.20)
"Opera 11.11.2109" = Opera 11.11
"Orbit_is1" = Orbit Downloader
"PDF Creator" = PDF Creator (Remove Only)
"QuickTime" = QuickTime
"Storybook" = Storybook
"The Rosetta Stone" = The Rosetta Stone
"TVWiz" = Intel® TV Wizard
"Video Mover_is1" = Video Mover
"Vivitar Experience Image Manager" = Vivitar Experience Image Manager
"VLC media player" = VLC media player 1.0.5
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WordWeb" = WordWeb
"yWriter5_is1" = yWriter5
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4121544440-2439384158-1445081869-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dexpot" = Dexpot
"Spotify" = Spotify
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/18/2011 12:22:40 PM | Computer Name = Jennifer-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/18/2011 12:25:58 PM | Computer Name = Jennifer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 12/18/2011 6:04:09 PM | Computer Name = Jennifer-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/18/2011 6:07:38 PM | Computer Name = Jennifer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 12/19/2011 1:41:59 AM | Computer Name = Jennifer-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/19/2011 1:43:45 AM | Computer Name = Jennifer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 12/19/2011 1:59:34 AM | Computer Name = Jennifer-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/19/2011 2:01:24 AM | Computer Name = Jennifer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 12/21/2011 6:58:27 PM | Computer Name = Jennifer-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/21/2011 7:00:01 PM | Computer Name = Jennifer-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ Broadcom Wireless LAN Events ]
Error - 11/8/2010 12:35:31 AM | Computer Name = Jennifer-PC | Source = WLAN-Tray | ID = 0
Description = 22:35:30, Sun, Nov 07, 10 Error - Unable to gain access to user store
Error - 11/23/2010 12:48:04 AM | Computer Name = Jennifer-PC | Source = WLAN-Tray | ID = 0
Description = 22:48:03, Mon, Nov 22, 10 Error - Unable to gain access to user store
Error - 11/24/2010 1:04:39 AM | Computer Name = Jennifer-PC | Source = WLAN-Tray | ID = 0
Description = 23:04:39, Tue, Nov 23, 10 Error - Unable to gain access to user store
Error - 11/25/2010 11:52:09 PM | Computer Name = Jennifer-PC | Source = WLAN-Tray | ID = 0
Description = 21:52:08, Thu, Nov 25, 10 Error - Unable to gain access to user store
Error - 12/10/2010 1:13:54 AM | Computer Name = Jennifer-PC | Source = WLAN-Tray | ID = 0
Description = 23:13:53, Thu, Dec 09, 10 Error - Unable to gain access to user store
Error - 12/23/2010 1:05:32 AM | Computer Name = Jennifer-PC | Source = WLAN-Tray | ID = 0
Description = 23:05:31, Wed, Dec 22, 10 Error - Unable to gain access to user store
Error - 12/29/2010 9:28:26 PM | Computer Name = Jennifer-PC | Source = WLAN-Tray | ID = 0
Description = 19:28:26, Wed, Dec 29, 10 Error - Unable to decrypt string
Error - 12/30/2010 5:49:39 AM | Computer Name = Jennifer-PC | Source = WLAN-Tray | ID = 0
Description = 03:49:38, Thu, Dec 30, 10 Error - Unable to gain access to user store
Error - 12/31/2010 8:55:18 PM | Computer Name = Jennifer-PC | Source = WLAN-Tray | ID = 0
Description = 18:55:18, Fri, Dec 31, 10 Error - Unable to gain access to user store
Error - 5/22/2011 6:47:37 PM | Computer Name = Jennifer-PC | Source = WLAN-Tray | ID = 0
Description = 17:47:36, Sun, May 22, 11 Error - Unable to gain access to user store
[ System Events ]
Error - 12/22/2011 10:57:05 AM | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12/22/2011 10:58:21 AM | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12/22/2011 10:58:22 AM | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 12/22/2011 10:00:19 PM | Computer Name = Jennifer-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:58:25 PM on 12/22/2011 was unexpected.
Error - 12/22/2011 10:00:33 PM | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 12/22/2011 10:00:33 PM | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 12/22/2011 10:00:46 PM | Computer Name = Jennifer-PC | Source = DCOM | ID = 10005
Description =
Error - 12/22/2011 10:00:47 PM | Computer Name = Jennifer-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 12/22/2011 10:00:59 PM | Computer Name = Jennifer-PC | Source = DCOM | ID = 10005
Description =
Error - 12/22/2011 10:01:03 PM | Computer Name = Jennifer-PC | Source = DCOM | ID = 10005
Description =
< End of report >
So now what?? Thanks for your time - I'm sure you'd rather be preparing for Christmas!