Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Browser is hijacked. Rootkit Trojan? possibly Alureon.BK.


  • Please log in to reply

#1
Didjit

Didjit

    New Member

  • Member
  • Pip
  • 3 posts
O lord, please help. :)

My issue started a couple days ago, 11/28, when I was stupidly surfing/P2P with my AV off. Something got in and whacked my network connection. I couldn't browse but I could ping. Thinking something got my hosts file or the like, I ran SpyBot's innoculation and rebooted. During the boot (after POST, before OS load) there was something quick installing to root. The boot finished and I could browse again, but now links from email or a website were being rerouted to ad sites.

I ran full scans using Avast (my primary AV), Windows Defender, AdAware, SpyBot, and onecare.live.com. Not much was found. The Defender logs report Trojan: Win32/Alureon.BK. Now they all report that I'm clean, Malwarebyte included, but my browser and disk behavior suggest otherwise. Also, I've been unable to run my keyboard driver (Ideazon's Z-engine), and a desktop management program (Fences).

I'll include below the Malwarebyte and the OTL logs. I tried running RootRepeal, but it seemed to hang while scanning the services. I'll try again and post it if it finishes. I also cleaned with TFC; it crashed the first time, but finished the second time. I've run ERUNT, and I have a semi-valid restore point from the 28th. I'd tried reverting to that point but still had trouble, and there were no earlier restore points. I could make another one... but I think it'd be worse than what's there already.

I'm a pretty savvy user, but I'm out of my league with this. Help would be greatly appreciated! Thanks!





Here's my Malwarebyte log:

Database version _linenums:3272'>Malwarebytes' Anti-Malware 1.41Database version: 3272Windows 6.0.6002 Service Pack 2 (Safe Mode)12/1/2009 10:06:20 PMmbam-log-2009-12-01 (22-06-20).txtScan type: Quick ScanObjects scanned: 102333Time elapsed: 4 minute(s), 27 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)


And here's my OTL:
OTL logfile created on: 12/1/2009 11:08:42 PM - Run 1OTL by OldTimer - Version 3.1.11.4     Folder = C:\Users\Chris\Downloads\Utilities\GeeksToGoWindows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18828)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.23% Memory free4.00 Gb Paging File | 3.10 Gb Available in Paging File | 77.55% Paging File freePaging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 232.88 Gb Total Space | 25.10 Gb Free Space | 10.78% Space Free | Partition Type: NTFSDrive D: | 74.53 Gb Total Space | 10.06 Gb Free Space | 13.50% Space Free | Partition Type: NTFSE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: DARLENECurrent User Name: ChrisLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OnSkip Microsoft Files: OnFile Age = 14 DaysOutput = StandardQuick Scan ========== Processes (SafeList) ========== PRC - [2009/12/01 22:37:38 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\Utilities\GeeksToGo\OTL.exePRC - [2009/11/29 02:03:58 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exePRC - [2009/11/29 02:03:57 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exePRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exePRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exePRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exePRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exePRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exePRC - [2009/09/27 17:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exePRC - [2009/07/21 08:17:46 | 00,323,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint II\SetPointII.exePRC - [2009/07/10 11:42:32 | 00,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exePRC - [2009/06/12 19:10:21 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exePRC - [2009/05/27 11:00:24 | 00,753,664 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exePRC - [2009/04/11 01:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exePRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exePRC - [2009/03/09 04:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exePRC - [2009/03/04 11:45:36 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exePRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exePRC - [2009/01/08 08:35:36 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exePRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exePRC - [2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exePRC - [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe  ========== Modules (SafeList) ========== MOD - [2009/12/01 22:37:38 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\Utilities\GeeksToGo\OTL.exeMOD - [2009/09/24 07:07:50 | 00,165,584 | ---- | M] () -- C:\Windows\System32\AirfoilInject3.dllMOD - [2009/04/11 01:28:20 | 00,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dllMOD - [2009/04/11 01:28:18 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dllMOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dllMOD - [2009/03/04 11:45:32 | 00,008,704 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\ctagent.dllMOD - [2008/01/19 02:33:47 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dllMOD - [2008/01/19 02:33:45 | 00,397,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll  ========== Win32 Services (SafeList) ========== SRV - File not found --  -- (PSI_SVC_2)SRV - [2009/11/29 02:03:57 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)SRV - [2009/11/27 11:04:17 | 00,320,760 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)SRV - [2009/11/16 21:58:02 | 00,025,832 | ---- | M] (BioWare) -- c:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)SRV - [2009/09/27 17:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)SRV - [2009/06/12 19:10:21 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)SRV - [2009/04/18 07:18:52 | 00,079,360 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)SRV - [2009/04/18 00:12:24 | 00,079,360 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)SRV - [2009/04/11 01:28:25 | 00,375,808 | ---- | M] (Microsoft Corporation) -- winhttp.dll -- (WinHttpAutoProxySvc)SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)SRV - [2009/01/08 08:35:36 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2007/05/31 09:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)SRV - [2007/05/31 09:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)SRV - [2004/10/29 14:29:16 | 00,086,016 | ---- | M] (NetGroup - Politecnico di Torino) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ==========  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local   O1 HOSTS File: (358536 bytes) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1       localhostO1 - Hosts: ::1             localhostO1 - Hosts: 127.0.0.1	www.007guard.comO1 - Hosts: 127.0.0.1	007guard.comO1 - Hosts: 127.0.0.1	008i.comO1 - Hosts: 127.0.0.1	www.008k.comO1 - Hosts: 127.0.0.1	008k.comO1 - Hosts: 127.0.0.1	www.00hq.comO1 - Hosts: 127.0.0.1	00hq.comO1 - Hosts: 127.0.0.1	010402.comO1 - Hosts: 127.0.0.1	www.032439.comO1 - Hosts: 127.0.0.1	032439.comO1 - Hosts: 127.0.0.1	www.0scan.comO1 - Hosts: 127.0.0.1	0scan.comO1 - Hosts: 127.0.0.1	www.1000gratisproben.comO1 - Hosts: 127.0.0.1	1000gratisproben.comO1 - Hosts: 127.0.0.1	www.1001namen.comO1 - Hosts: 127.0.0.1	1001namen.comO1 - Hosts: 127.0.0.1	www.100888290cs.comO1 - Hosts: 127.0.0.1	100888290cs.comO1 - Hosts: 127.0.0.1	www.100sexlinks.comO1 - Hosts: 127.0.0.1	100sexlinks.comO1 - Hosts: 127.0.0.1	10sek.comO1 - Hosts: 127.0.0.1	www.10sek.comO1 - Hosts: 127.0.0.1	1-2005-search.comO1 - Hosts: 12309 more lines...O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)O4 - HKLM..\Run: [CTxfiHlp] CTXFIHLP.EXE (Creative Technology Ltd)O4 - HKLM..\Run: [CTXFIREG] CTxfiReg.exe (Creative Technology Ltd)O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)O4 - HKLM..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)O4 - HKCU..\Run: [Google Update] C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)O4 - HKCU..\Run: [Shadow] C:\Program Files\NewTech Infosystems\NTI Shadow\Shadow.exe (NewTech Infosystems, Inc.)O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O13 - gopher Prefix: missingO15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)O15 - HKCU\..Trusted Domains: carnival.com ([]https in Trusted sites)O15 - HKCU\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} [url="http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab"]http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab[/url] (Windows Live OneCare safety scanner control)O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} [url="http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab"]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab[/url] (Reg Error: Key error.)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_13)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [url="http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab"]http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab[/url] (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab"]http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.5.0)O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_07)O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_13)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_13)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - AppInit_DLLs: (AirfoilInject3.dll) - AirfoilInject3.dll ()O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - Reg Error: Key error. File not foundO29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O32 - AutoRun File - [2004/01/23 22:14:34 | 00,000,032 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck) -  File not foundO34 - HKLM BootExecute: (*) -  File not foundO34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()O35 - comfile [open] -- "%1" %*O35 - exefile [open] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility -  File not foundNetSvcs: Ias - C:\Windows\System32\ias [2008/05/15 20:17:17 | 00,000,000 | ---D | M]NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)NetSvcs: Nla -  File not foundNetSvcs: Ntmssvc -  File not foundNetSvcs: NWCWorkstation -  File not foundNetSvcs: Nwsapagent -  File not foundNetSvcs: SRService -  File not foundNetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)NetSvcs: WmdmPmSp -  File not foundNetSvcs: LogonHours -  File not foundNetSvcs: PCAudit -  File not foundNetSvcs: helpsvc -  File not foundNetSvcs: uploadmgr -  File not foundOTL cannot create restorepoints on Vista OSs! ========== Files/Folders - Created Within 14 Days ========== [2009/12/01 22:57:25 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT[2009/11/30 08:22:41 | 00,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes[2009/11/30 08:22:37 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys[2009/11/30 08:22:36 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2009/11/30 08:22:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2009/11/30 08:22:36 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2009/11/29 21:52:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center[2009/11/29 02:04:10 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys[2009/11/29 01:52:38 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys[2009/11/29 01:52:38 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys[2009/11/28 18:37:04 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}[2009/11/28 18:36:07 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft[2009/11/24 19:20:49 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0[2009/11/22 19:55:12 | 00,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Canneverbe_Limited[2009/11/22 19:55:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited[2009/03/04 11:46:18 | 00,010,752 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll[2008/09/17 17:54:30 | 00,151,552 | ---- | C] ( ) -- C:\Windows\System32\STAPI.dll ========== Files - Modified Within 14 Days ========== [2009/12/01 23:11:23 | 00,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI[2009/12/01 23:11:23 | 00,586,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2009/12/01 23:11:23 | 00,098,300 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2009/12/01 23:11:00 | 00,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{39A4ECE0-3C56-441F-9934-B8971E5330AA}.job[2009/12/01 23:10:38 | 07,864,320 | -HS- | M] () -- C:\Users\Chris\ntuser.dat[2009/12/01 23:10:33 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7515B8F5-2C37-4A4B-8493-ED713936F42F}.job[2009/12/01 23:07:18 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job[2009/12/01 23:07:01 | 00,034,895 | ---- | M] () -- C:\ProgramData\nvModes.dat[2009/12/01 23:06:59 | 00,034,895 | ---- | M] () -- C:\ProgramData\nvModes.001[2009/12/01 23:06:46 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT[2009/12/01 23:06:44 | 00,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2009/12/01 23:06:44 | 00,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2009/12/01 23:06:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2009/12/01 23:06:30 | 21,458,94400 | -HS- | M] () -- C:\hiberfil.sys[2009/12/01 23:05:39 | 00,031,056 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx[2009/12/01 23:05:39 | 00,031,056 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx[2009/12/01 23:05:39 | 00,030,528 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx[2009/12/01 23:05:39 | 00,030,528 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx[2009/12/01 23:05:39 | 00,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000009-00001102-00000004-20021102}.rfx[2009/12/01 23:05:08 | 00,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{43743ff3-60f6-11dd-9757-00044b148da5}.TMContainer00000000000000000001.regtrans-ms[2009/12/01 23:05:08 | 00,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{43743ff3-60f6-11dd-9757-00044b148da5}.TM.blf[2009/12/01 22:57:25 | 00,000,743 | ---- | M] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk[2009/12/01 22:57:25 | 00,000,724 | ---- | M] () -- C:\Users\Chris\Desktop\ERUNT.lnk[2009/12/01 22:19:50 | 21,827,4857 | ---- | M] () -- C:\Windows\MEMORY.DMP[2009/12/01 22:07:38 | 00,000,015 | ---- | M] () -- C:\Windows\System32\settings.dat[2009/12/01 21:57:40 | 02,589,751 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db[2009/12/01 21:18:00 | 00,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3221076326-3453429523-2635678479-1001UA.job[2009/12/01 21:18:00 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3221076326-3453429523-2635678479-1000UA.job[2009/12/01 19:50:37 | 00,101,888 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/12/01 07:39:15 | 00,001,356 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat[2009/12/01 01:19:17 | 00,002,091 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk[2009/12/01 01:18:00 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3221076326-3453429523-2635678479-1000Core.job[2009/12/01 00:07:34 | 00,046,716 | ---- | M] () -- C:\Users\Chris\Desktop\cc_20091201_000650.reg[2009/11/30 23:55:05 | 04,931,577 | ---- | M] () -- C:\Windows\{00000005-00000000-00000009-00001102-00000004-20021102}.CDF[2009/11/30 23:55:05 | 04,931,577 | ---- | M] () -- C:\Windows\{00000005-00000000-00000009-00001102-00000004-20021102}.BAK[2009/11/30 23:54:58 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol[2009/11/30 20:23:39 | 00,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml[2009/11/30 20:23:39 | 00,001,905 | ---- | M] () -- C:\Windows\diagerr.xml[2009/11/30 11:18:00 | 00,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3221076326-3453429523-2635678479-1001Core.job[2009/11/30 08:22:39 | 00,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk[2009/11/30 08:12:00 | 00,000,182 | ---- | M] () -- C:\Users\Chris\Desktop\Registry defender virus - Tech Support Guy Forums.url[2009/11/30 08:11:53 | 00,000,158 | ---- | M] () -- C:\Users\Chris\Desktop\How to remove IE Defender.url[2009/11/29 22:11:55 | 00,072,074 | ---- | M] () -- C:\Users\Chris\Desktop\bookmarks.html[2009/11/29 16:30:08 | 00,002,773 | ---- | M] () -- C:\Users\Chris\.recently-used.xbel[2009/11/29 02:04:09 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys[2009/11/29 02:04:08 | 00,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe[2009/11/29 01:59:18 | 00,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk[2009/11/29 01:54:56 | 00,358,536 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts[2009/11/29 01:52:37 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt[2009/11/27 19:58:11 | 00,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk[2009/11/27 12:02:44 | 00,001,142 | ---- | M] () -- C:\Windows\QUICKEN.INI[2009/11/27 12:02:44 | 00,000,046 | ---- | M] () -- C:\Windows\System32\Q3.DIR[2009/11/27 10:56:56 | 00,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Airfoil.lnk[2009/11/24 22:11:07 | 00,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job[2009/11/24 18:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe[2009/11/24 18:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys[2009/11/24 18:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys[2009/11/24 18:49:48 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys[2009/11/24 18:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys[2009/11/24 18:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys[2009/11/24 18:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr[2009/11/23 22:22:25 | 00,133,921 | ---- | M] () -- C:\Users\Chris\Documents\contacts.xlsx[2009/11/23 22:08:31 | 00,162,998 | ---- | M] () -- C:\Users\Chris\Documents\contacts.csv ========== Files Created - No Company Name ========== [2009/12/01 22:57:25 | 00,000,743 | ---- | C] () -- C:\Users\Chris\Desktop\NTREGOPT.lnk[2009/12/01 22:57:25 | 00,000,724 | ---- | C] () -- C:\Users\Chris\Desktop\ERUNT.lnk[2009/12/01 22:19:52 | 21,458,94400 | -HS- | C] () -- C:\hiberfil.sys[2009/12/01 22:06:58 | 00,000,015 | ---- | C] () -- C:\Windows\System32\settings.dat[2009/12/01 22:00:04 | 21,827,4857 | ---- | C] () -- C:\Windows\MEMORY.DMP[2009/12/01 20:48:15 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job[2009/12/01 01:13:42 | 00,002,091 | ---- | C] () -- C:\Users\Chris\Desktop\Google Chrome.lnk[2009/12/01 01:13:01 | 00,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3221076326-3453429523-2635678479-1000UA.job[2009/12/01 01:13:01 | 00,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3221076326-3453429523-2635678479-1000Core.job[2009/12/01 00:06:54 | 00,046,716 | ---- | C] () -- C:\Users\Chris\Desktop\cc_20091201_000650.reg[2009/11/30 08:22:39 | 00,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk[2009/11/30 08:12:00 | 00,000,182 | ---- | C] () -- C:\Users\Chris\Desktop\Registry defender virus - Tech Support Guy Forums.url[2009/11/30 08:11:53 | 00,000,158 | ---- | C] () -- C:\Users\Chris\Desktop\How to remove IE Defender.url[2009/11/29 22:11:55 | 00,072,074 | ---- | C] () -- C:\Users\Chris\Desktop\bookmarks.html[2009/11/29 16:30:08 | 00,002,773 | ---- | C] () -- C:\Users\Chris\.recently-used.xbel[2009/11/29 10:52:52 | 00,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe[2009/11/29 01:59:18 | 00,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk[2009/11/27 19:58:11 | 00,001,912 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk[2009/11/26 14:30:08 | 00,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Airfoil.lnk[2009/11/23 22:08:48 | 00,133,921 | ---- | C] () -- C:\Users\Chris\Documents\contacts.xlsx[2009/11/23 21:54:34 | 00,162,998 | ---- | C] () -- C:\Users\Chris\Documents\contacts.csv[2009/11/11 21:20:44 | 00,034,895 | ---- | C] () -- C:\ProgramData\nvModes.001[2009/11/11 21:19:55 | 00,034,895 | ---- | C] () -- C:\ProgramData\nvModes.dat[2009/10/09 20:30:04 | 00,000,760 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\setup_ldm.iss[2009/07/31 21:23:56 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini[2009/06/27 18:05:41 | 00,000,481 | ---- | C] () -- C:\Users\Chris\AppData\Local\RAExpertHistory.xml[2009/06/22 01:22:50 | 00,003,140 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys[2009/06/22 01:22:50 | 00,000,008 | RHS- | C] () -- C:\ProgramData\5BC87BD02D.sys[2009/06/12 19:10:38 | 00,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys[2009/05/27 21:14:20 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll[2009/04/18 07:00:02 | 00,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL[2009/04/18 07:00:01 | 00,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL[2009/04/11 20:36:34 | 00,165,584 | ---- | C] () -- C:\Windows\System32\AirfoilInject3.dll[2009/03/24 09:13:26 | 00,005,365 | ---- | C] () -- C:\Windows\System32\drivers\NetProbe.sys[2009/03/04 12:15:26 | 00,049,697 | ---- | C] () -- C:\Windows\System32\instwdm.ini[2009/03/04 12:15:24 | 00,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini[2009/03/04 11:47:28 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll[2009/02/28 22:52:06 | 00,000,043 | ---- | C] () -- C:\Windows\INTUIT.INI[2008/10/31 07:33:32 | 00,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll[2008/06/09 13:37:43 | 00,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll[2008/04/26 08:46:17 | 00,018,073 | ---- | C] () -- C:\Windows\CSTBox.INI[2008/04/14 13:29:24 | 00,000,156 | ---- | C] () -- C:\Windows\QTW.INI[2008/04/13 19:32:19 | 00,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI[2008/04/12 16:05:02 | 00,000,094 | ---- | C] () -- C:\Windows\family.ini[2008/03/30 08:28:10 | 00,221,252 | ---- | C] () -- C:\Windows\System32\maskDll.dll[2008/03/30 08:28:10 | 00,200,776 | ---- | C] () -- C:\Windows\System32\unMaskDLL.dll[2008/03/10 22:06:23 | 00,108,032 | ---- | C] () -- C:\Windows\System32\sh33w32.dll[2008/03/02 14:17:38 | 00,250,168 | ---- | C] () -- C:\Windows\System32\expat.dll[2008/02/28 08:08:21 | 00,000,028 | ---- | C] () -- C:\Windows\ICOA.INI[2008/02/28 08:08:12 | 00,000,000 | ---- | C] () -- C:\Windows\QFN.ini[2008/02/28 08:08:12 | 00,000,000 | ---- | C] () -- C:\Windows\QDQICK.ini[2008/02/22 13:25:42 | 00,022,328 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\PnkBstrK.sys[2008/02/22 11:42:40 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI[2008/02/18 00:45:16 | 00,101,888 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2008/02/17 11:26:11 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol[2008/02/17 00:18:36 | 00,000,052 | ---- | C] () -- C:\Windows\intuprof.ini[2008/02/17 00:17:42 | 00,001,142 | ---- | C] () -- C:\Windows\QUICKEN.INI[2008/02/16 21:44:05 | 00,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL[2008/02/16 21:23:28 | 00,043,517 | ---- | C] () -- C:\Windows\System32\e10kxwdm.ini[2008/02/16 21:23:20 | 00,005,515 | ---- | C] () -- C:\Windows\System32\ENSDEF.INI[2008/02/16 21:15:48 | 00,000,061 | ---- | C] () -- C:\Windows\SBWIN.INI[2008/02/16 20:21:26 | 00,001,356 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat[2007/08/13 19:45:02 | 00,077,824 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll[2007/04/12 08:10:28 | 00,105,728 | ---- | C] () -- C:\Windows\System32\APOMgrH.dll[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini[2006/10/02 16:25:18 | 00,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini[2004/01/15 05:01:26 | 00,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll ========== LOP Check ========== [2008/02/22 09:16:32 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\acccore[2008/10/22 06:22:50 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acoustica[2008/12/19 00:00:43 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Bioshock[2009/11/22 19:55:12 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canneverbe_Limited[2009/08/09 12:47:27 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canon[2009/07/05 16:14:27 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1[2008/11/15 09:19:29 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Folding@home-x86[2008/12/25 09:37:45 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GARMIN[2009/11/29 01:47:16 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gtk-2.0[2008/04/12 16:05:02 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\HotSync[2008/11/22 12:41:52 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ICAClient[2009/11/29 21:31:29 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ideazon[2008/10/21 15:28:13 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ieSpell[2009/01/25 01:44:47 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ImgBurn[2009/05/16 07:48:06 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IObit[2008/03/12 20:46:34 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech[2008/08/20 06:43:47 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Netscape[2008/11/04 00:54:37 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org[2009/10/07 06:15:21 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Stardock[2008/12/13 06:56:10 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SvS[2008/12/27 21:47:40 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ubisoft[2009/11/29 21:03:24 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent[2009/01/17 15:15:06 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\XCPCSync.OEM[2009/12/01 23:07:18 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job[2009/12/01 23:05:21 | 00,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT[2009/11/24 22:11:07 | 00,000,384 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job[2009/12/01 23:11:00 | 00,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{39A4ECE0-3C56-441F-9934-B8971E5330AA}.job[2009/12/01 23:10:33 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7515B8F5-2C37-4A4B-8493-ED713936F42F}.job ========== Purity Check ==========   ========== Custom Scans ==========  < %SYSTEMDRIVE%\*.exe >[2007/11/07 08:03:18 | 00,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe  < MD5 for: AGP440.SYS  >[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys[2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS  >[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys[2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys[2008/02/16 20:51:24 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys[2008/02/16 20:51:24 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys[2008/02/16 20:51:24 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL  >[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS  >[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys[2008/01/19 02:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL  >[2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS  >[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys[2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL  >[2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll[2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll< End of report >


And finally, the Extras log:
OTL Extras logfile created on: 12/1/2009 11:08:42 PM - Run 1OTL by OldTimer - Version 3.1.11.4     Folder = C:\Users\Chris\Downloads\Utilities\GeeksToGoWindows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18828)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.23% Memory free4.00 Gb Paging File | 3.10 Gb Available in Paging File | 77.55% Paging File freePaging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 232.88 Gb Total Space | 25.10 Gb Free Space | 10.78% Space Free | Partition Type: NTFSDrive D: | 74.53 Gb Total Space | 10.06 Gb Free Space | 13.50% Space Free | Partition Type: NTFSE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: DARLENECurrent User Name: ChrisLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OnSkip Microsoft Files: OnFile Age = 14 DaysOutput = StandardQuick Scan ========== Extra Registry (SafeList) ==========  ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation).hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*chm.file [open] -- "%SystemRoot%\hh.exe" %1cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0"VistaSp1" = Reg Error: Unknown registry data type -- File not found"VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3221076326-3453429523-2635678479-1000]"EnableNotifications" = 0"EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3221076326-3453429523-2635678479-1001]"EnableNotifications" = 1"EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1"DefaultOutboundAction" = 0"DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1 ========== Authorized Applications List ==========  ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0480AE5B-4D39-44FC-9AAF-00C3E3B4D521}" = lport=6883 | protocol=6 | dir=in | name=wow | "{07DD2FEE-A1DA-40C5-BCCA-7F6C002F27A3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{0857106D-9208-4567-BFBE-E3842CF8DDE3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{14DD1F04-AA4E-44B8-BCA8-270BAEE9E3B3}" = rport=10243 | protocol=6 | dir=out | app=system | "{25B7BF2E-89A1-40FA-8CB4-DD44729E2686}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{31F8F635-2041-4CAE-8BDB-F8FF314D754D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3B5055D3-795C-4A29-9FEE-8B76FCDE191E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{3B6FFF10-AB1B-4873-AE4C-0DE29A7D19A5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3F0E21FB-0FB3-4DC4-A60C-92D0E085F8EC}" = lport=6888 | protocol=6 | dir=in | name=wow | "{431B71B7-793C-4B03-ADF4-94105291DE65}" = lport=6881 | protocol=6 | dir=in | name=wow 6881 | "{448813BF-5768-471A-8017-ED56D100B470}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5019960B-EC87-48BE-8126-9EC62C0427A5}" = lport=3724 | protocol=6 | dir=in | name=wow 3724 | "{556C30F2-2CAD-434C-A84D-B1563B2829B1}" = lport=6890 | protocol=6 | dir=in | name=wow | "{5A1AE5AC-446A-4B40-91AE-1835A353D467}" = lport=6894 | protocol=6 | dir=in | name=wow | "{61049462-A771-48E4-B039-5827166806E2}" = lport=5353 | protocol=17 | dir=in | name=bonjour | "{6B354131-57B3-4C1E-8F31-78BD89BDAA95}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6D23958B-8799-481E-8D01-457E4F5D7A67}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7085B1DC-E29D-494D-9869-836320B0D716}" = lport=6899 | protocol=6 | dir=in | name=wow | "{73004A3A-41DF-4097-8DEA-726DD73ACA06}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{73EB4778-931B-4A7C-9C3D-7CA6BCD4A447}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{74525C01-9FC6-46E7-A956-97BE30558C60}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{749FFFC5-0A89-441A-AB50-F73E8ACCA360}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7A4B1B08-C47D-4788-BC8F-505014ABAE44}" = lport=6896 | protocol=6 | dir=in | name=wow | "{7FECC538-4D00-46B0-85A3-40692566C671}" = lport=6892 | protocol=6 | dir=in | name=wow | "{80AD9FBC-7CE6-483A-9281-A88347F70D3F}" = lport=6898 | protocol=6 | dir=in | name=wow | "{87C89B31-3959-48C6-BE79-4944CD6F2775}" = lport=6895 | protocol=6 | dir=in | name=wow | "{8C6DB30F-60BC-45FB-A47B-341C475D5CE4}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{92CEA649-98AE-41BF-9CFE-1BF574D80544}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9567645E-5B0E-4A3E-9460-B63D36A46078}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9990B9ED-EA88-4CD7-AD44-BCA1E84AA561}" = lport=6891 | protocol=6 | dir=in | name=wow | "{9BAB5547-CA54-427D-8DBE-333957A8E3AE}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{A56C2C70-2D51-4FE5-ADE6-1A93A130CF64}" = lport=6884 | protocol=6 | dir=in | name=wow | "{AB4F362A-14CF-4C7B-86E3-031C9363DF04}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{ACF0D171-A07C-4010-81A4-CCCC8D432049}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{B236CBBA-45E6-4506-86B4-FF346B8D53C1}" = lport=10243 | protocol=6 | dir=in | app=system | "{B2C8D655-2727-49E3-B96E-AA91C1491F27}" = lport=6887 | protocol=6 | dir=in | name=wow | "{B4287377-5DDD-4961-881C-69F9BF723603}" = lport=6900 | protocol=6 | dir=in | name=wow 6900 | "{BBC468AE-D202-4D36-90D3-1203B199ACD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C070002A-C32E-4000-85CF-F1EA97A30620}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{C26EB149-8B06-4C1F-85E7-A0A1C257D715}" = lport=6112 | protocol=6 | dir=in | name=wow 6112 | "{D00C308C-30ED-4484-905F-E5C06A166E73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D2EECFCE-68F3-43DB-9353-F2FED586C471}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D46ECE4A-13C1-4C0B-A346-BD70DD120F09}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D56C7218-33A1-4F00-B91B-8D3D54A15111}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{D60182CB-AA6E-4D43-94AA-50401367824E}" = lport=80 | protocol=6 | dir=in | name=tabula rasa 80 | "{D9682D70-F5AD-456B-A8C0-C0970ABD15C9}" = lport=5353 | protocol=17 | dir=in | name=bonjour | "{DD5BE7C6-4868-4CE9-A05F-50B6DE97FCC7}" = lport=2106 | protocol=6 | dir=in | name=tabula rasa 2106 | "{DD850DF7-BF04-4899-9C36-F26DDED2C2D2}" = lport=6882 | protocol=6 | dir=in | name=wow | "{DE96F8F9-716E-4F60-B846-A1A46E85FA14}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DEE87F65-0BA9-4869-857F-93D4132CF310}" = lport=6897 | protocol=6 | dir=in | name=wow | "{E0F442CB-6E56-44B9-A80B-4E0EB2599499}" = lport=6889 | protocol=6 | dir=in | name=wow | "{EFEE1F1E-2C32-47F0-81FC-F118095ACE03}" = lport=2106 | protocol=17 | dir=in | name=tabula rasa 2106 | "{F2DC445A-D2C4-42DF-B16B-EAE3B3D74AA4}" = lport=6886 | protocol=6 | dir=in | name=wow | "{F4FE206B-CE2B-4F8A-869E-79ECFD6D5B12}" = lport=2869 | protocol=6 | dir=in | app=system | "{F59F87DA-5C96-4C67-98C1-FF7291F335CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F8104A09-2792-4F76-827C-FA427FC8672C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FDE40AE1-4F3D-49CB-B2D0-CA4938758D33}" = lport=6893 | protocol=6 | dir=in | name=wow | "{FF656B30-F2BF-472B-B67D-246F85E7EFC9}" = lport=6885 | protocol=6 | dir=in | name=wow |  ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{04B7B919-D87D-4492-AC2B-9D64DD708F35}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0517883E-3ECB-4FBB-BA71-C9B82EB98A4D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{06458D8F-7F24-4254-A93A-763A88A9A157}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{09462445-E44E-4DAB-885E-4193D3CE3831}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0D136E2E-5E0B-457F-963F-E3387D4709FA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0DDA1E03-E22D-4BED-B271-FA75A6270081}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0E494848-F9B0-4457-A195-A6A581672457}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{108F6FF9-6F5C-400A-87DA-A5831F1ED322}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{1162A215-4BF1-479B-9A94-E9A3191CAFA9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{118E247D-8837-4A45-96B7-0550AFFCF4B5}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe | "{13300063-772E-4FEB-A175-AC7EEA933A75}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{14D64223-14FD-40AF-80C0-DE6CE777973F}" = protocol=17 | dir=in | app=c:\program files\airfoil\airfoilspeakers.exe | "{16C64739-5D41-41FF-BDD2-4BA4F2844A00}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1734225F-4B73-415E-B778-CFBD7947B9F3}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe | "{17D1B9CE-C6AA-492E-9ABA-15907E545A9A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{1CA983F6-00DB-4CAC-BDDF-2E5151D2DCB4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe | "{20CADDCF-DB0F-4119-A5C3-7B67D0C8A6B9}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "{263E6ECC-F5AD-48B7-A577-B9002761912A}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{2C1ACB13-0ECA-4EF9-ACFD-C8721408BF80}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2FC7BC87-A78D-4270-8397-9381DAD0FB7D}" = protocol=17 | dir=in | app=c:\program files\ideazon\zengine\zboard.exe | "{31192680-2826-40D9-90E9-0F74A96A80AF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{34600A52-A947-4FC2-A2BC-E97FDBBFD3AE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{352460A8-362D-47FF-9AB3-DFC6BFCC1A02}" = protocol=6 | dir=out | app=system | "{38BBBA83-9C63-4B99-9D38-D4C0C27934E7}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | "{393A3594-F399-4037-AC6F-EEB6166B1D63}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{39A4FFB0-25D4-49DB-8D9C-D67D1F800F32}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | "{3EF95654-EFB8-4214-854C-A3F7753D16B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{423367B1-851C-421B-85D2-8DE22B5E191B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\daoriginslauncher.exe | "{430B3971-9F04-48CC-B39C-B244719E1DFB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{434DB04F-61F2-4D36-A9F3-493243A84EC4}" = protocol=6 | dir=in | app=c:\program files\airfoil\airfoil.exe | "{446F3BB3-F4DC-4658-A2E3-269C9025534F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{4898F25A-F527-4EF4-B0BF-9C9554597335}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{4939CA55-02D0-4EE3-8C07-CC6148D867D8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4A1CD3A0-6B15-4960-B8AA-21ACC9AC1F1D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{4C3B97C7-6C9D-4491-BE65-C4CA062F9665}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{4C7E3A6D-BDC7-4C48-AA6D-BA426F00E5AA}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{4EB0AAA9-C871-4B03-A6F1-8392977A5458}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{50FA1887-1CA2-4BF5-973F-E87BB8D2610A}" = protocol=17 | dir=in | app=c:\program files\thq\stalker\bin\dedicated\xr_3da.exe | "{52E55067-9872-45EE-9DF7-58F170015D91}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{53FE50EF-F87F-4B81-929C-E75C11EE56DD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe | "{54129643-9D41-4CAD-8D59-D9C798B8CBF6}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | "{563515F5-BC40-4E11-B60F-56A717FF72DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{58B0DD52-8365-499E-ACA1-0EB689772705}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe | "{5A8DA287-EB82-4C1C-B412-D4AC78C6D1A7}" = protocol=17 | dir=in | app=c:\program files\ncsoft\launcher\nclauncher.exe | "{63A5057A-C71A-48BE-88E0-F88109973CD6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{65F24B82-EABC-43E8-80DB-E90C65B60CDA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe | "{671FCFB3-35C5-43FC-8CF2-8D94412E32ED}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6900A0FC-8694-4815-B020-EB89837DB959}" = protocol=17 | dir=in | app=c:\program files\airfoil\airfoil.exe | "{6D7B12DD-B306-42CD-A3C9-BCB515A523F5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{6F3DCC36-A747-446F-8FC6-313569B51287}" = protocol=17 | dir=in | app=c:\program files\ncsoft\tabula rasa\tabula_rasa.exe | "{703DED52-7809-402A-8C79-2CF52A2FCA1B}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{7299A64B-AE04-419D-90E9-D2B6ECEE591F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{72A84FFE-1F1B-44DE-9FE7-62EF9CEFDA68}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{75313DD4-91DF-4539-BA18-FF1292E1B432}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{7807681F-57E3-431D-B710-C82FB18D7ABA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{78806587-9224-4F91-A97C-FF644420CDFB}" = protocol=6 | dir=in | app=c:\program files\thq\stalker\bin\dedicated\xr_3da.exe | "{7920F6DF-8B87-4876-9024-FDEA996742BF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{793E8C65-4A9D-4533-B7B7-676247BB8FAF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{794707AB-502D-48B2-AF35-D61F3C32707D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{79AAC696-C00B-4202-A2A6-0BEE667F9715}" = protocol=6 | dir=in | app=c:\program files\ncsoft\launcher\nclauncher.exe | "{7C49113F-AFC8-484F-B954-72A6D4C7BB81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8137F028-9A28-492C-9319-FCF5764AB76C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{87133849-E28B-4349-88A7-FB4394957719}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{88148792-71BA-4CCA-AAF4-10E422B523CF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe | "{89A695E9-7D15-4D10-8A6F-708883BD84B0}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{9145327C-C119-401B-8AAB-8AA572B99D67}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{977A3EA0-9E80-4DC7-959B-E917540070DF}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{9C5349AF-3984-4229-9B75-C7CAC253D696}" = protocol=17 | dir=in | app=c:\program files\airport\apagent.exe | "{9DD72601-3762-4201-8A18-0340519D7D6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9EB91498-53D0-4957-BF22-B94291E25C1C}" = protocol=6 | dir=in | app=c:\program files\ideazon\zengine\zboard.exe | "{A6C8E2F0-059D-4AD8-BD1A-DF751186FE1E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AAFADB1E-66CF-487A-9E8A-9D1EFB9CAF91}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{AC6C3725-F3F0-4829-81C3-D4DBFD7251A7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B6C39EC5-1AD4-45F5-96CC-50441B2C87BA}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{B795A92B-46EA-446B-AF0E-712228997780}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | "{B9F186A7-3542-42C6-86B1-3D7D0354306D}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{BAC82F29-9E9E-4E48-9686-D252E7F758B7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BC3D23AE-D033-4BB1-A35C-79A97385380E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BD470B2B-8FC8-4915-AF27-2AA28BC01FC6}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{BD888BDD-DF26-4D94-865E-3435A8B1D4EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C3C1696E-4A69-4B2A-97B4-9BE9D906BA04}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C8ADBFB6-D677-47C3-BABA-C1CC94F9AE36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CBAD5122-6A6C-4F7B-9FBA-5A0B8D40391A}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "{CBBDB318-6692-4389-B405-0E0B360BE5DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CBD48A16-899F-4FBF-8FBB-437874701672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CBDD86CF-74D5-4120-8C7A-084ECA77B9F6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{CD29F18D-11BA-4937-B8EB-6A38F8F95EE4}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{CF757624-8563-46C3-9062-AC51ECA2C384}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D18C9FEE-8CF6-435E-9C5F-7BD18A54CFB4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D1A39BD8-121C-4265-B010-F865A44F626A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D46C16F1-7E5A-42DF-AB81-517B2760D241}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D56A14A3-90E3-41E3-9C56-80CE86ABDE7F}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{D5750456-8832-4ED0-A34D-F228A6A064B6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D57F168E-4289-4A9E-AE29-19CFF390BA52}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{DE78272F-A901-444C-A8F1-A6EDACDEB024}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DF13358D-C91F-41E8-9FD1-115CC7456BC5}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe | "{E14A79B3-A6DA-4F61-9D0C-92D7256E566C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E18FAF3C-F55C-40EC-9093-0544F1EFA0E3}" = protocol=6 | dir=in | app=c:\program files\ncsoft\tabula rasa\tabula_rasa.exe | "{E2D74497-8123-4697-B65A-1B4C60A2B9BA}" = protocol=17 | dir=in | app=c:\program files\thq\stalker\bin\xr_3da.exe | "{E6F36CB9-3C85-45DA-B4EE-1E2732584168}" = protocol=6 | dir=in | app=c:\program files\thq\stalker\bin\xr_3da.exe | "{E9E22DC2-2BA1-4368-AAAD-97F444F1C214}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{ECF8186B-4567-46B9-9B61-1771D1C662A0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EDFA1B9F-23B7-4A79-AF09-9468BB5EFF5A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{EFD1E09E-8F20-481D-8F45-A519CB6C8296}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F123E928-14E6-4120-AFDE-29AFE070E8E5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F31B94EC-C293-42CD-AC41-DE48A540CF76}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F3C20EA1-9C5A-48C3-A697-1155509E373C}" = protocol=6 | dir=in | app=c:\program files\airfoil\airfoilspeakers.exe | "{F706A8C7-F5BC-4489-9765-D0193DFFC20F}" = protocol=6 | dir=in | app=c:\program files\airport\apagent.exe | "{F8F6D9C1-A8D7-4647-A078-47F1CD021C1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{04148C39-5375-4D7B-AE6B-FD5857147285}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{265D1DAE-513B-4A82-9646-A449974B88DD}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe | "TCP Query User{2D6192F6-8C42-436D-B06E-29052461DC0B}C:\program files\winamp remote\bin\orb.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "TCP Query User{2E63C3C0-EA78-4BE2-8695-8F721288CD36}C:\users\chris\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{52173C3B-BB75-42E9-A4AE-172064DB8B99}C:\program files\svs\log viewer\lvsnmp.exe" = protocol=6 | dir=in | app=c:\program files\svs\log viewer\lvsnmp.exe | "TCP Query User{5785DD3F-45E0-47AB-BC95-D56130B15267}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{5B4A5920-E06F-4EC9-8B0D-3DBB12D492AB}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe | "TCP Query User{6A04E75E-7EE3-4A47-AE83-D9283F1E4831}C:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\bccqfj31\wowclient-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\bccqfj31\wowclient-downloader[1].exe | "TCP Query User{8215E306-F3D6-428D-8B24-E335D7831F5B}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe | "TCP Query User{86CCA9BA-385C-4DAF-9729-658B0CB6AF14}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | "TCP Query User{A8FC0C10-4F2A-4E16-AA5F-F4652BFCE053}C:\program files\winamp remote\bin\orbir.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "TCP Query User{BA0918D9-2D7C-4D63-95A3-4B2463DC6311}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{BDA55C19-655A-435A-9D0D-325AFA21ECC2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{CE831774-734E-4C21-A323-1B60FBE82ECA}C:\program files\svs\log viewer\lvsnmp.exe" = protocol=6 | dir=in | app=c:\program files\svs\log viewer\lvsnmp.exe | "TCP Query User{D4E9CF3B-E7FC-4761-92F9-AF7FD4EA444D}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "TCP Query User{E6200619-2C70-4679-A51C-57B4C98A8CE4}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{EA3DF67A-3C00-4552-BDAD-11E14811D7DC}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | "UDP Query User{0205E728-72AD-45F4-A893-6486404A0E73}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe | "UDP Query User{0CBCA7F8-6D08-49F8-B875-0A05BD5870EF}C:\program files\svs\log viewer\lvsnmp.exe" = protocol=17 | dir=in | app=c:\program files\svs\log viewer\lvsnmp.exe | "UDP Query User{2631D52D-F0E6-4D3A-A272-55C019FA6766}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe | "UDP Query User{52563836-9580-4EA3-BDEE-46189062F827}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{545AAD54-9DC2-46E9-9AB8-4F7CE40AE171}C:\program files\svs\log viewer\lvsnmp.exe" = protocol=17 | dir=in | app=c:\program files\svs\log viewer\lvsnmp.exe | "UDP Query User{59297208-33DA-4EAB-8756-1BDDF01BF2A6}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | "UDP Query User{5FB91A15-713F-478C-8131-E9830990CE53}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{63F60C50-603C-4F5C-8DE7-5C2F4B51F28D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{7849D3FF-9697-477D-B7F6-98FC63D7948D}C:\users\chris\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{7F036817-CA90-44ED-8CE3-FA33A621E909}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{85B1366E-A259-4705-B401-4BE1E0637FFC}C:\program files\winamp remote\bin\orbir.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "UDP Query User{A176494B-FBB4-48F7-9799-93369BA6F7E9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{BD468D06-DE2D-41CD-9F64-C06E3108D8DC}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | "UDP Query User{C9B00011-4D85-4F76-92F6-1444573AB1AE}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe | "UDP Query User{EC1F9BEA-5DD2-47D3-A7B6-624EB4F4A282}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "UDP Query User{F25116AE-9042-44E2-990D-DBBBDFED9883}C:\program files\winamp remote\bin\orb.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "UDP Query User{F491B9B0-305A-406F-8F12-81CE73809305}C:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\bccqfj31\wowclient-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\microsoft\windows\temporary internet files\content.ie5\bccqfj31\wowclient-downloader[1].exe |  ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour"{1E5B631E-4C91-43C6-80E7-926DB3D01CA5}" = Log Viewer"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(tm) 6 Update 13"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(tm) 6 Update 7"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = er100LT"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4"{48A8ADFF-D6E4-409D-B2BA-5CABB7FE5A84}" = AirPort"{570DE9F3-AD88-4C89-9C2C-4C4632B1F45B}" = oAEP Setup"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher"{637AF5A9-CFD1-43D7-A622-8F93954E92E3}" = AirPort"{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}" = Z Engine"{681EF95E-6DF9-4E72-9214-0545FAD17630}" = XTNDConnect PC"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN"{80757F48-95CA-4DF5-8A07-CE308A665BF2}" = Canon Driver Auto Installation"{81DCEC2B-E069-4985-978B-3230292AB744}" = NTI Shadow"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003"{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 10.0 Personal"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT"{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}" = AvantGo Client"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA"{BF4A5346-599E-E1A8-99C4-E46DA044A6A2}" = Pandora"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader  1.1"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater"{E209F988-EF49-4B3D-84A6-3CBB67F058AC}" = Google SketchUp 7"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)"7-Zip" = 7-Zip 4.65"Acoustica MP3 CD Burner" = Acoustica MP3 CD Burner"Ad-Aware" = Ad-Aware"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"AIM_6" = AIM 6"Airfoil" = Airfoil"ALchemy" = Creative ALchemy"AudioCS" = Creative Audio Console"avast!" = avast! Antivirus"AviSynth" = AviSynth 2.5"CCleaner" = CCleaner"CodInstl" = Intel A/V Codecs V2.0"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora"CutePDF Writer Installation" = CutePDF Writer 2.7"DVD Flick_is1" = DVD Flick 1.3.0.7"ERUNT_is1" = ERUNT 1.1j"FLV Player" = FLV Player 2.0 (build 25)"Google Calendar Sync" = Google Calendar Sync"ieSpell" = ieSpell"ImgBurn" = ImgBurn"Indeo® Software" = Indeo® Software"InstallShield_{48A8ADFF-D6E4-409D-B2BA-5CABB7FE5A84}" = AirPort"Jpeg Enhancer_is1" = Jpeg Enhancer 1.8"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer"NVIDIA Drivers" = NVIDIA Drivers"OpenAL" = OpenAL"PeerGuardian_is1" = PeerGuardian 2.0"Photodex Presenter" = Photodex Presenter"PROPLUS" = Microsoft Office Professional Plus 2007"PS3 Video 9" = PS3 Video 9 5.03"PunkBusterSvc" = PunkBuster Services"Quicken 2001 New User Edition" = Quicken 2001 New User Edition"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]"Smart Defrag_is1" = Smart Defrag 1.20"Steam App 17450" = Dragon Age: Origins"ThumbsPlus4" = ThumbsPlus version 4.50-R"UDPixel" = UDPixel.exe"ViewpointMediaPlayer" = Viewpoint Media Player"VLC media player" = VLC media player 1.0.1"WaveStudio 7" = Creative WaveStudio 7"Winamp" = Winamp"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner"WinGimp-2.0_is1" = GIMP 2.6.4"WinPcapInst" = WinPcap 3.1 beta4"XML Marker_is1" = XML Marker version 1.1"ZENcast Organizer" = ZENcast Organizer ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Google Chrome" = Google Chrome"uTorrent" = µTorrent"WinDirStat" = WinDirStat 1.1.2 ========== Last 10 Event Log Errors ========== [ Antivirus Events ]Error - 11/28/2009 11:07:49 PM | Computer Name = Darlene | Source = avast! | ID = 33554522Description = aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().   Error - 11/29/2009 1:25:06 AM | Computer Name = Darlene | Source = avast! | ID = 33554522Description = Error in aswChestC: chestOpenList Error 1753.   Error - 11/29/2009 1:25:06 AM | Computer Name = Darlene | Source = avast! | ID = 33554522Description = aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219.   Error - 11/29/2009 1:25:15 AM | Computer Name = Darlene | Source = avast! | ID = 33554522Description = aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().   Error - 11/29/2009 1:57:40 AM | Computer Name = Darlene | Source = avast! | ID = 33554522Description = Error in aswChestC: chestOpenList Error 1753.   Error - 11/29/2009 1:57:40 AM | Computer Name = Darlene | Source = avast! | ID = 33554522Description = aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219.   Error - 11/29/2009 1:57:43 AM | Computer Name = Darlene | Source = avast! | ID = 33554522Description = aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().   Error - 12/1/2009 7:57:18 PM | Computer Name = Darlene | Source = avast! | ID = 33554522Description = Error in aswChestC: chestOpenList Error 1753.   Error - 12/1/2009 7:57:18 PM | Computer Name = Darlene | Source = avast! | ID = 33554522Description = aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219.   Error - 12/1/2009 7:57:41 PM | Computer Name = Darlene | Source = avast! | ID = 33554522Description = aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().   [ Application Events ]Error - 12/1/2009 9:53:48 PM | Computer Name = Darlene | Source = SPP | ID = 16387Description =  Error - 12/1/2009 9:53:48 PM | Computer Name = Darlene | Source = System Restore | ID = 8193Description =  Error - 12/1/2009 9:54:24 PM | Computer Name = Darlene | Source = SPP | ID = 16387Description =  Error - 12/1/2009 9:54:24 PM | Computer Name = Darlene | Source = System Restore | ID = 8193Description =  Error - 12/1/2009 10:11:19 PM | Computer Name = Darlene | Source = Application Error | ID = 1000Description = Faulting application Zboard.exe, version 2.5.0.29, time stamp 0x4a271065, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0001102e,  process id 0x4d8, application start time 0x01ca72f4b4a58e65. Error - 12/1/2009 11:01:19 PM | Computer Name = Darlene | Source = EventSystem | ID = 4609Description =  Error - 12/1/2009 11:20:23 PM | Computer Name = Darlene | Source = Application Error | ID = 1000Description = Faulting application Zboard.exe, version 2.5.0.29, time stamp 0x4a271065, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc0000005, fault offset 0x00009eed,  process id 0xa88, application start time 0x01ca72fe5e46d326. Error - 12/2/2009 | Computer Name = Darlene | Source = Application Error | ID = 1000Description = Faulting application TFC.exe, version 3.1.2.0, time stamp 0x2a425e19, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7, exception code 0xc0000005, fault offset 0x00129e82,  process id 0x16b4, application start time 0x01ca7302fd673226. Error - 12/2/2009 12:02:02 AM | Computer Name = Darlene | Source = Application Error | ID = 1000Description = Faulting application Zboard.exe, version 2.5.0.29, time stamp 0x4a271065, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0001102e,  process id 0x202c, application start time 0x01ca730432889dd6. Error - 12/2/2009 12:06:58 AM | Computer Name = Darlene | Source = Application Error | ID = 1000Description = Faulting application Zboard.exe, version 2.5.0.29, time stamp 0x4a271065, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0001102e,  process id 0xa20, application start time 0x01ca7304e17875ef. [ OSession Events ]Error - 6/29/2009 9:36:42 AM | Computer Name = Darlene | Source = Microsoft Office 12 Sessions | ID = 7001Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash. Error - 9/19/2009 3:20:53 PM | Computer Name = Darlene | Source = Microsoft Office 12 Sessions | ID = 7001Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21906 seconds with 600 seconds of active time.  This session ended with a crash. [ System Events ]Error - 12/1/2009 11:18:34 PM | Computer Name = Darlene | Source = nvstor32 | ID = 262149Description = A parity error was detected on \Device\RaidPort0. Error - 12/1/2009 11:18:34 PM | Computer Name = Darlene | Source = nvstor32 | ID = 262149Description = A parity error was detected on \Device\RaidPort0. Error - 12/1/2009 11:18:34 PM | Computer Name = Darlene | Source = nvstor32 | ID = 262149Description = A parity error was detected on \Device\RaidPort0. Error - 12/1/2009 11:18:34 PM | Computer Name = Darlene | Source = nvstor32 | ID = 262149Description = A parity error was detected on \Device\RaidPort0. Error - 12/1/2009 11:18:34 PM | Computer Name = Darlene | Source = nvstor32 | ID = 262149Description = A parity error was detected on \Device\RaidPort0. Error - 12/1/2009 11:19:58 PM | Computer Name = Darlene | Source = EventLog | ID = 6008Description = The previous system shutdown at 10:18:37 PM on 12/1/2009 was unexpected. Error - 12/1/2009 11:20:22 PM | Computer Name = Darlene | Source = Service Control Manager | ID = 7026Description =  Error - 12/1/2009 11:57:43 PM | Computer Name = Darlene | Source = Service Control Manager | ID = 7034Description =  Error - 12/2/2009 12:03:14 AM | Computer Name = Darlene | Source = Service Control Manager | ID = 7034Description =  Error - 12/2/2009 12:07:00 AM | Computer Name = Darlene | Source = Service Control Manager | ID = 7026Description =   < End of report >

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP