I followed step 5 for OTL log (except I pasted in your text in the custom scan box)and it said not to change any settings, so the default settings were as follows: use safelist was checked for processes, services, standard registry & modules, and none was checked for drivers & extra registry. Both LOP and Purity check were checked off.
I have posted the logs:
OTL.txt log:
TL logfile created on: 1/2/2010 7:24:58 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\MICHELLE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 26.30 Gb Free Space | 26.37% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.40 Gb Free Space | 44.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MICHELLE-PC
Current User Name: MICHELLE
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2010/01/02 19:14:47 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\MICHELLE\Desktop\OTL.exe
PRC - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/12/30 14:55:16 | 00,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/12/23 22:48:34 | 00,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/11/27 23:48:12 | 00,842,240 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrayMonitor\TrayMonitor.exe
PRC - [2009/11/27 20:00:02 | 00,382,368 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/11/27 19:59:56 | 00,665,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/11/27 19:57:30 | 01,865,560 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Agent\agent.exe
PRC - [2009/11/27 19:35:02 | 04,285,664 | ---- | M] (Acronis) -- C:\Program Files\Acronis\BackupAndRecovery\mms.exe
PRC - [2009/11/27 19:28:10 | 00,957,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Timounter\TimounterMonitor.exe
PRC - [2009/11/21 01:42:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/16 16:02:08 | 00,761,856 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdrpswx.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/03 07:06:31 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/19 13:47:28 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdrcoms.exe
PRC - [2009/07/27 15:54:44 | 00,345,392 | ---- | M] (Yapta, Inc.) -- C:\Program Files\Yapta\YaptaClient.exe
PRC - [2009/07/15 18:33:15 | 00,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/11 01:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/07 16:43:36 | 00,809,488 | ---- | M] (Logitech, Inc.) -- C:\Users\MICHELLE\Desktop\SetPoint\SetPoint.exe
PRC - [2008/11/07 16:39:36 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/09/10 05:24:21 | 00,676,520 | ---- | M] () -- C:\Program Files\Lexmark 4900 Series\lxdrmon.exe
PRC - [2008/09/10 05:24:18 | 00,025,256 | ---- | M] () -- C:\Program Files\Lexmark 4900 Series\lxdrmsdmon.exe
PRC - [2008/05/02 11:40:34 | 00,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\providerComcast\bin\tgsrvc.exe
PRC - [2007/08/08 18:28:48 | 00,028,672 | ---- | M] (WebGuide LLC) -- C:\Program Files\WebGuide\WebGuide4\bin\WebGuideServiceMonitor.exe
PRC - [2007/08/08 18:28:42 | 00,040,960 | ---- | M] (WebGuide LLC) -- C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
PRC - [2007/03/14 17:53:10 | 00,569,344 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2007/02/08 00:11:04 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/02/07 23:06:10 | 00,049,152 | ---- | M] (UltiDev LLC) -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/21 20:09:02 | 00,842,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2006/11/17 18:52:40 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/11/11 18:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006/10/03 11:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/04/28 09:14:44 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/05/09 18:16:15 | 00,192,512 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe
========== Modules (SafeList) ========== MOD - [2010/01/02 19:14:47 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\MICHELLE\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (gusvc)
SRV - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/27 19:59:56 | 00,665,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/11/27 19:57:30 | 01,865,560 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Agent\agent.exe -- (AcronisAgent)
SRV - [2009/11/27 19:35:02 | 04,285,664 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Acronis\BackupAndRecovery\mms.exe -- (MMS)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/16 15:49:48 | 00,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdrserv.exe -- (lxdrCATSCustConnectService)
SRV - [2009/10/03 07:06:31 | 00,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/19 13:47:28 | 00,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdrcoms.exe -- (lxdr_device)
SRV - [2009/07/15 18:33:15 | 00,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/07 16:40:52 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/05/02 11:40:34 | 00,398,704 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/05/02 11:40:34 | 00,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\providerComcast\bin\tgsrvc.exe -- (tgsrvc_providercomcast) SupportSoft Repair Service (providercomcast)
SRV - [2008/03/20 21:58:24 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/28 10:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/02/28 10:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/01/18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/08 18:28:42 | 00,040,960 | ---- | M] (WebGuide LLC) [Auto | Running] -- C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe -- (WebGuideTranscode)
SRV - [2007/03/14 17:53:10 | 00,569,344 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/02/07 23:06:10 | 00,049,152 | ---- | M] (UltiDev LLC) [Auto | Running] -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe -- (UltiDev Cassini Web Server for ASP.NET 2.0)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/11 18:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "
http://search.aol.co...ff50ie7&query="FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "
http://www.comcast.net/"FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems:
[email protected]:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.27
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..keyword.URL: "
http://search.aol.co...h=yesab&query=" FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/03/22 05:16:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/22 05:39:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/22 05:39:21 | 00,000,000 | ---D | M]
[2008/12/18 05:05:50 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Extensions
[2010/01/01 18:45:59 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions
[2009/12/21 06:12:27 | 00,000,000 | ---D | M] (NoScript) -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/11/18 20:05:19 | 00,000,000 | ---D | M] (No name found) -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/11/15 08:25:15 | 00,000,000 | ---D | M] (WOT) -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2008/10/17 16:09:23 | 00,001,901 | ---- | M] () -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\searchplugins\aimsearch.xml
[2009/12/30 15:57:35 | 00,001,218 | ---- | M] () -- C:\Users\MICHELLE\AppData\Roaming\Mozilla\Firefox\Profiles\edccnlxs.default\searchplugins\comcast.xml
[2009/11/09 21:02:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/18 05:05:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\
[email protected][2009/11/19 17:16:28 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/10/09 19:16:49 | 00,001,982 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
[2008/12/01 11:50:26 | 00,004,946 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml
O1 HOSTS File: (810 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BackupAndRecoveryMonitor.exe] C:\Program Files\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe (Acronis)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [lxdramon] C:\Program Files\Lexmark 4900 Series\lxdramon.exe ()
O4 - HKLM..\Run: [lxdrmon.exe] C:\Program Files\Lexmark 4900 Series\lxdrmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrayMonitor.exe] C:\Program Files\Acronis\TrayMonitor\TrayMonitor.exe (Acronis)
O4 - HKLM..\Run: [Yapta Tracker] C:\Program Files\Yapta\YaptaClient.exe (Yapta, Inc.)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - Reg Error: Value error. File not found
O9 - Extra Button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra 'Tools' menuitem : Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe (Yapta, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: comcastsupport.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533}
https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B}
http://echospin.com/...es/esWizard.cab (esProxy.GeneralHandler)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10}
http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6}
https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739}
http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7}
http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Garmin Communicator Plug-In
https://my.garmin.co...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: AeLookupSvc - C:\Windows\System32\aelupsvc.dll (Microsoft Corporation)
NetSvcs: wercplsupport - C:\Windows\System32\wercplsupport.dll (Microsoft Corporation)
NetSvcs: Themes - C:\Windows\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: CertPropSvc - C:\Windows\System32\certprop.dll (Microsoft Corporation)
NetSvcs: SCPolicySvc - C:\Windows\System32\certprop.dll (Microsoft Corporation)
NetSvcs: lanmanserver - C:\Windows\System32\srvsvc.dll (Microsoft Corporation)
NetSvcs: gpsvc - C:\Windows\System32\gpsvc.dll (Microsoft Corporation)
NetSvcs: IKEEXT - C:\Windows\System32\IKEEXT.DLL (Microsoft Corporation)
NetSvcs: AudioSrv - C:\Windows\System32\audiosrv.dll (Microsoft Corporation)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/09/23 00:23:39 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Rasauto - C:\Windows\System32\rasauto.dll (Microsoft Corporation)
NetSvcs: Rasman - C:\Windows\System32\rasmans.dll (Microsoft Corporation)
NetSvcs: Remoteaccess - C:\Windows\System32\mprdim.dll (Microsoft Corporation)
NetSvcs: SENS - C:\Windows\System32\Sens.dll (Microsoft Corporation)
NetSvcs: Sharedaccess - C:\Windows\System32\ipnathlp.dll (Microsoft Corporation)
NetSvcs: SRService - File not found
NetSvcs: Tapisrv - C:\Windows\System32\tapisrv.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: TermService - C:\Windows\System32\termsrv.dll (Microsoft Corporation)
NetSvcs: wuauserv - C:\Windows\System32\wuaueng.dll (Microsoft Corporation)
NetSvcs: BITS - C:\Windows\System32\qmgr.dll (Microsoft Corporation)
NetSvcs: ShellHWDetection - C:\Windows\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: iphlpsvc - C:\Windows\System32\iphlpsvc.dll (Microsoft Corporation)
NetSvcs: seclogon - C:\Windows\System32\seclogon.dll (Microsoft Corporation)
NetSvcs: AppInfo - C:\Windows\System32\appinfo.dll (Microsoft Corporation)
NetSvcs: msiscsi - C:\Windows\System32\iscsiexe.dll (Microsoft Corporation)
NetSvcs: MMCSS - C:\Windows\System32\mmcss.dll (Microsoft Corporation)
NetSvcs: ProfSvc - C:\Windows\System32\profsvc.dll (Microsoft Corporation)
NetSvcs: EapHost - C:\Windows\System32\eapsvc.dll (Microsoft Corporation)
NetSvcs: winmgmt - C:\Windows\System32\wbem\WMIsvc.dll (Microsoft Corporation)
NetSvcs: schedule - C:\Windows\System32\schedsvc.dll (Microsoft Corporation)
NetSvcs: SessionEnv - C:\Windows\System32\SessEnv.dll (Microsoft Corporation)
NetSvcs: browser - C:\Windows\System32\browser.dll (Microsoft Corporation)
NetSvcs: hkmsvc - C:\Windows\System32\KMSVC.DLL (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ========== [2010/01/02 19:14:37 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\MICHELLE\Desktop\OTL.exe
[2010/01/02 07:46:53 | 00,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010/01/01 23:05:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2010/01/01 22:47:04 | 00,000,000 | ---D | C] -- C:\Users\MICHELLE\AppData\Local\Adobe
[2010/01/01 21:42:38 | 00,000,000 | ---D | C] -- C:\Windows\Acronis
[2010/01/01 21:42:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010/01/01 21:42:07 | 00,000,000 | ---D | C] -- C:\Windows\LastGood
[2010/01/01 21:40:36 | 00,000,000 | ---D | C] -- C:\Program Files\Acronis
[2010/01/01 21:40:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010/01/01 21:24:48 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/01 21:24:25 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/01 21:21:38 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/31 19:29:03 | 00,000,000 | ---D | C] -- C:\Users\MICHELLE\AppData\Local\Apple
[2009/12/31 19:04:31 | 00,000,000 | ---D | C] -- C:\Users\MICHELLE\AppData\Local\temp
[2009/12/31 19:02:55 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/12/31 18:17:35 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2009/12/30 22:28:05 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/12/30 22:26:16 | 00,000,000 | ---D | C] -- C:\Users\MICHELLE\AppData\Roaming\SUPERAntiSpyware.com
[2009/12/30 22:26:16 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/30 20:37:53 | 00,000,000 | ---D | C] -- C:\Users\MICHELLE\AppData\Local\Apple Computer
[2009/12/26 23:01:58 | 00,000,000 | ---D | C] -- C:\Users\MICHELLE\Desktop\Microsoft
[2009/12/24 17:58:09 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/15 21:32:46 | 00,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdrcoin.dll
[2009/09/10 22:24:54 | 00,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdrpmui.dll
[2009/09/10 22:24:46 | 00,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdrcomm.dll
[2009/07/28 20:37:00 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\MICHELLE\AppData\Roaming\pcouffin.sys
[2009/03/12 20:01:01 | 00,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDRhcp.dll
[2009/03/12 20:01:00 | 00,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdrusb1.dll
[2009/03/12 20:01:00 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdrinpa.dll
[2009/03/12 20:01:00 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdriesc.dll
[2009/03/12 20:00:59 | 01,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdrserv.dll
[2009/03/12 20:00:59 | 00,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdrlmpm.dll
[2009/03/12 20:00:57 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdrhbn3.dll
[2009/03/12 20:00:55 | 00,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxdrcomc.dll
[2008/04/30 16:04:31 | 00,008,192 | ---- | C] ( ) -- C:\Windows\System32\cshost.dll
[43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\MICHELLE\Desktop\*.tmp files -> C:\Users\MICHELLE\Desktop\*.tmp -> ]
========== Files - Modified Within 14 Days ========== [2010/01/02 19:31:00 | 00,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4EF27C85-EE55-495F-80F8-3060E4B8A57A}.job
[2010/01/02 19:30:21 | 07,602,176 | -HS- | M] () -- C:\Users\MICHELLE\ntuser.dat
[2010/01/02 19:30:15 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{43A518E6-C34F-4385-927F-75DDE5105BDE}.job
[2010/01/02 19:30:00 | 00,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5F21486F-FCF4-4E72-B917-B2262D5A96A6}.job
[2010/01/02 19:14:47 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\MICHELLE\Desktop\OTL.exe
[2010/01/02 18:53:00 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/02 18:53:00 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/02 11:50:57 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/02 11:50:57 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/02 11:50:57 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/02 11:22:17 | 00,065,536 | -HS- | M] () -- C:\Users\MICHELLE\ntuser.dat{c0c548af-bd86-11dc-8f61-0019b9602971}.TM.blf
[2010/01/02 11:22:16 | 00,524,288 | -HS- | M] () -- C:\Users\MICHELLE\ntuser.dat{c0c548af-bd86-11dc-8f61-0019b9602971}.TMContainer00000000000000000001.regtrans-ms
[2010/01/02 11:21:23 | 03,840,122 | -H-- | M] () -- C:\Users\MICHELLE\AppData\Local\IconCache.db
[2010/01/02 08:29:31 | 00,059,688 | ---- | M] () -- C:\Users\MICHELLE\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/02 01:17:28 | 00,000,526 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for MICHELLE.job
[2010/01/02 01:00:13 | 00,000,512 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for MICHELLE.job
[2010/01/01 23:09:31 | 07,391,232 | ---- | M] () -- C:\Users\MICHELLE\Desktop\Rescue.iso
[2010/01/01 22:03:44 | 03,637,248 | ---- | M] () -- C:\Users\MICHELLE\Desktop\AcronisUniversalRestore.msi
[2010/01/01 21:54:56 | 00,001,315 | ---- | M] () -- C:\Users\Public\Desktop\Acronis Backup & Recovery 10.lnk
[2010/01/01 21:19:42 | 00,028,691 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/01/01 16:53:22 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2010/01/01 16:53:03 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\Rpcnet.dll
[2010/01/01 16:53:03 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2010/01/01 16:52:55 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/01 16:52:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/01 16:15:55 | 02,194,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/01 01:00:07 | 00,000,338 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/12/31 19:00:17 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/31 17:22:37 | 00,002,191 | ---- | M] () -- C:\Users\MICHELLE\Desktop\iTunes.lnk
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/29 23:15:09 | 00,002,587 | ---- | M] () -- C:\Users\MICHELLE\Desktop\WORD.lnk
[43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[43 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\MICHELLE\Desktop\*.tmp files -> C:\Users\MICHELLE\Desktop\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/01/01 23:09:41 | 07,391,232 | ---- | C] () -- C:\Users\MICHELLE\Desktop\Rescue.iso
[2010/01/01 22:03:43 | 03,637,248 | ---- | C] () -- C:\Users\MICHELLE\Desktop\AcronisUniversalRestore.msi
[2010/01/01 21:54:56 | 00,001,315 | ---- | C] () -- C:\Users\Public\Desktop\Acronis Backup & Recovery 10.lnk
[2009/12/28 22:53:10 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/24 19:52:52 | 00,002,191 | ---- | C] () -- C:\Users\MICHELLE\Desktop\iTunes.lnk
[2009/10/20 22:39:23 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/19 12:05:21 | 00,380,454 | ---- | C] () -- C:\ProgramData\lxdrJSW.log
[2009/09/10 22:24:29 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdrgrd.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/28 21:15:07 | 00,001,044 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\vso_ts_preview.xml
[2009/07/28 20:38:18 | 00,000,033 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\pcouffin.log
[2009/07/28 20:37:00 | 00,007,887 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\pcouffin.cat
[2009/07/28 20:37:00 | 00,001,144 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\pcouffin.inf
[2009/06/06 15:00:58 | 00,000,004 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\576CB6
[2009/06/06 15:00:57 | 00,870,128 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\mcs.rma
[2009/05/28 19:59:01 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/03/16 16:49:08 | 00,000,532 | ---- | C] () -- C:\ProgramData\lxdr.log
[2009/03/15 12:29:53 | 00,000,691 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\GetValue.vbs
[2009/03/15 12:29:53 | 00,000,035 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\SetValue.bat
[2009/03/12 22:00:31 | 00,000,187 | ---- | C] () -- C:\ProgramData\lxdrDiagnostics.log
[2009/03/12 20:09:49 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdrvs.dll
[2009/03/12 20:06:38 | 00,081,920 | ---- | C] () -- C:\Windows\System32\lxdrcaps.dll
[2009/03/12 20:06:38 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdrcnv4.dll
[2009/03/12 20:06:37 | 01,036,288 | ---- | C] () -- C:\Windows\System32\lxdrdrs.dll
[2009/03/12 20:03:48 | 00,000,044 | ---- | C] () -- C:\Windows\System32\lxdrrwrd.ini
[2009/03/12 20:01:01 | 00,389,120 | ---- | C] () -- C:\Windows\System32\LXDRinst.dll
[2009/03/12 19:58:11 | 00,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2009/03/10 18:54:58 | 00,008,619 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/02/14 22:59:27 | 00,000,177 | ---- | C] () -- C:\Users\MICHELLE\AppData\Local\LaunchHomeCenter.log
[2009/02/14 21:20:12 | 00,442,870 | ---- | C] () -- C:\Users\MICHELLE\AppData\Local\installer.log
[2008/10/09 19:41:04 | 00,000,124 | ---- | C] () -- C:\Users\MICHELLE\AppData\Roaming\Au_.txt
[2008/03/22 22:58:27 | 00,000,008 | ---- | C] () -- C:\ProgramData\DragToDiscUserNameE.txt
[2008/02/09 15:39:05 | 00,000,069 | ---- | C] () -- C:\Windows\SONIC.INI
[2007/11/14 20:24:14 | 00,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2007/09/03 14:41:23 | 00,000,008 | RHS- | C] () -- C:\Windows\System32\DB460FB393.sys
[2007/09/03 14:41:22 | 00,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/09/03 14:38:55 | 01,300,048 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2007/06/17 20:39:11 | 00,000,073 | ---- | C] () -- C:\Windows\FaceFun.INI
[2007/05/13 18:58:44 | 00,098,304 | ---- | C] () -- C:\Windows\System32\resourceGeneric.dll
[2007/04/06 16:59:49 | 00,008,268 | ---- | C] () -- C:\Users\MICHELLE\AppData\Local\d3d9caps.dat
[2007/04/05 18:11:39 | 00,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2007/04/05 18:11:34 | 00,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2007/04/05 17:51:52 | 00,000,464 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/03/25 12:01:20 | 00,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2007/03/24 06:31:05 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2007/03/20 17:54:38 | 00,072,192 | ---- | C] () -- C:\Users\MICHELLE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/16 02:39:57 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/03/16 02:39:38 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/03/16 02:39:28 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/03/15 19:07:17 | 00,000,444 | ---- | C] () -- C:\Windows\wininit.ini
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1997/11/17 16:13:16 | 00,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
========== LOP Check ========== [2007/08/03 23:40:28 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\aignes
[2009/05/30 21:26:14 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\CallingID
[2007/10/15 16:30:26 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\CNN
[2008/12/19 23:01:54 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/10/09 20:25:49 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Comcast
[2009/12/29 09:49:44 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\ComcastToolbar
[2008/11/15 22:10:18 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\CVS
[2009/12/03 21:41:25 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Datel
[2009/06/19 04:29:35 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\GARMIN
[2009/09/19 18:53:23 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\GetRightToGo
[2007/12/22 17:53:59 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Image Zone Express
[2009/09/20 13:17:42 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\KeePass
[2009/03/23 18:26:19 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Lexmark Productivity Studio
[2008/10/26 04:53:34 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Morpheus Software
[2009/06/18 20:14:55 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Panasonic
[2007/04/08 15:39:38 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Sammsoft
[2008/10/09 19:41:04 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Simple Star
[2009/03/18 21:47:40 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Temp
[2009/03/15 13:01:09 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Thinstall
[2009/07/29 22:35:23 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Vso
[2008/04/10 19:20:49 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\W Photo Studio Viewer
[2009/07/17 18:28:44 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\WebGuide
[2009/07/28 19:07:19 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\WinFF
[2008/02/15 05:18:25 | 00,000,000 | ---D | M] -- C:\Users\MICHELLE\AppData\Roaming\Yapta
[2009/12/15 01:00:02 | 00,000,346 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/01/01 01:00:07 | 00,000,338 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/01/01 16:47:36 | 00,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/02 19:30:15 | 00,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{43A518E6-C34F-4385-927F-75DDE5105BDE}.job
[2010/01/02 19:31:00 | 00,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4EF27C85-EE55-495F-80F8-3060E4B8A57A}.job
[2010/01/02 19:30:00 | 00,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5F21486F-FCF4-4E72-B917-B2262D5A96A6}.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\srsvc.dll /s > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice /s > ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\MICHELLE\Documents\TuneClone:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MICHELLE\Documents\My Snapfire Shows:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MICHELLE\Documents\Downloaded Program Updates:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MICHELLE\Documents\Billy_Joel-8-We_Didn't_Start_The_Fire.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MICHELLE\Desktop\TRAVEL:Roxio EMC Stream
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B174FAE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:70B3C619
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
Extras.Txt Log:
TL Extras logfile created on: 1/2/2010 7:24:58 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\MICHELLE\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.74 Gb Total Space | 26.30 Gb Free Space | 26.37% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.40 Gb Free Space | 44.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MICHELLE-PC
Current User Name: MICHELLE
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D1BFAC-F176-489D-A9C4-E4F256891762}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{05933E31-DFE4-4F3F-9C68-745BAFD373DA}" = rport=10244 | protocol=6 | dir=out | app=system |
"{065DC6CE-AA6A-4F92-85F9-55820847AACC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{08C6AED7-AB99-452A-AC60-D82D898A4A2F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{0938EC74-671D-4908-98F5-A54A8CAAE687}" = lport=58550 | protocol=6 | dir=in | name=webguide |
"{0A48AF4B-1FFD-43A2-B016-C2E8A28EE492}" = rport=10243 | protocol=6 | dir=out | app=system |
"{113E2CC1-780A-4BF8-B7C1-B3FF4148DC64}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{12E6CB47-5EA8-45A7-A3DB-8A156D450021}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{20E5987E-B330-42BA-883F-7A40A9562D1B}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{22D43C65-923D-4FEC-AC70-FCE639B4673B}" = lport=58551 | protocol=6 | dir=in | name=webguide |
"{30981F32-12C5-4470-8C38-FA6E8E47D508}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34F00452-FE1A-4FA9-8D38-9DE6E9FEE6A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A625C5B-AD1F-4CB8-BCBA-01804C1905B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{413EB676-A8DA-4463-BA1B-E12A00E66CB3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45C3BD53-1AA6-483A-B85E-C4F46EEE6704}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{45F13F1C-B112-4F27-82E7-A1C61055E590}" = lport=10244 | protocol=6 | dir=in | app=system |
"{475BB869-2BE4-468A-9618-D070766EA51B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{47A8A340-7F92-44F8-9C7C-A11E91D54819}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4D1347E6-A034-498E-941D-EF3BB01AA0E7}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{4E8B99E9-C23A-462C-AA5E-6827D9834981}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{6668B5B0-2189-4569-B46B-890E97F8A911}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{676A8197-D71A-4180-9CB3-6933F561401E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{6983D767-1555-43B9-A419-21D0FF55ED29}" = lport=3390 | protocol=6 | dir=in | app=system |
"{6D43A19E-7993-4D5B-B5F8-0523D97B53C6}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{82C2E5F6-3A7E-4B4C-BD7C-BAE7457F5B58}" = lport=80 | protocol=6 | dir=in | app=system |
"{8685F2DD-61B0-415F-9BCD-5EE4F2F53BF3}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8C541CBC-5A02-4515-8D8D-42BB0C50ACEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9322A4A5-C324-4F38-A005-B5792C84B593}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9638770B-3FE6-473E-AEE8-8FEC1959E026}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
"{992B4C3F-356F-4C81-BC53-D6414AC300D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{99AB9CD1-DD61-4585-BF03-D61BBC51FAA4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A32CF72E-D51B-4267-8BE4-AE19BE21EB10}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{B065A707-6669-438D-BC37-B44A2C466DFD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BFBD07FC-92EA-4E9C-8526-9DFD93DBD07E}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{CFBFBDB8-24E6-4BB6-856C-2ABBD043F13C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D07DFF13-CA20-4516-BB30-02CF996EB4E6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D55298AB-D276-4704-BA32-D5021F14EB2F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D959291F-223B-41A8-80AA-CDAC2FA096D8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DEE0B939-F9C4-410B-A800-5682E34E6964}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{EFDE957D-9947-43E2-B6A7-BA9D55C6ADAE}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
"{FB4381B6-CF82-45AE-A599-71E38F6C1B71}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0004B0A9-C8B9-44FD-A22D-7DF125E745ED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{0998245D-D615-4AE7-829A-B24486C57F7C}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{0B2FCAB0-00B8-450D-A4AE-02B51CE85656}" = protocol=17 | dir=in | app=c:\program files\dell\mediadirect\mdirect.exe |
"{0B7D2C3A-C882-4D25-86CE-41A35E090C2F}" = protocol=17 | dir=in | app=c:\program files\yapta\yaptasettings.exe |
"{0EB38B8B-C0AA-483F-AFFF-E87291A5DF35}" = dir=in | app=e:\setup\hpznui01.exe |
"{0FE933A4-EF81-402B-ABD4-AC7050A757A5}" = protocol=17 | dir=in | app=c:\program files\yapta\yaptaclient.exe |
"{11B740B1-3991-4977-98EC-952A0313EBF0}" = protocol=6 | dir=in | app=c:\program files\ultidev\cassini web server for asp.net 2.0\ultidevcassinwebserver2a.exe |
"{155798F7-6339-4517-837E-1B66527AA697}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{1ADE7CA6-F4FB-4E47-A15A-83708182282F}" = protocol=6 | dir=in | app=c:\program files\lexmark 4900 series\frun.exe |
"{1DCE3C0D-F2EF-4263-B6E0-7685B50E4C9D}" = protocol=6 | dir=in | app=c:\program files\dellconnect\bin\launch.exe |
"{1FBAF56F-7D89-4C63-9F19-F0407645BCBD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdrpswx.exe |
"{216E4DDF-DE39-48EA-9C71-C9E50B5DE001}" = protocol=17 | dir=in | app=c:\program files\dellsupport\dsagnt.exe |
"{2208ABAE-84E1-4BA5-88EE-07C05276E0E6}" = protocol=17 | dir=in | app=c:\program files\canon\zoombrowser ex\program\zoombrowser.exe |
"{234C3492-7FB8-4525-B3FB-E208020B7755}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{24CE2F8C-0095-413A-87B4-81026D7DA51A}" = protocol=6 | dir=in | app=c:\windows\system32\lxdrcoms.exe |
"{28B1F9DC-F233-44D6-9137-A6417654E22F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{29F8919D-6F4D-42F3-A705-22EA50E06ADB}" = protocol=6 | dir=in | app=c:\program files\yapta\yaptaclient.exe |
"{36964AF2-35E1-4362-A591-0EA66566C543}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3ED2C9C4-576B-467C-A65D-10DF23C626EE}" = protocol=6 | dir=in | app=c:\program files\dellconnect\bin\launch.exe |
"{3EE1A3D4-3C15-4AC7-B86C-5996D97A48E9}" = protocol=17 | dir=in | app=c:\program files\dellconnect\bin\launch.exe |
"{4011D4A0-09D4-4F4E-87C4-B5E36878067B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{421580AA-A3BB-435E-AA6B-6A36A87D03E7}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{43F1767D-6D5E-4DEE-B222-9E0D556B9DC9}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{44BFD514-1882-453E-A59B-812450E004F3}" = protocol=6 | dir=in | app=c:\program files\siber systems\ai roboform\passcards.exe |
"{46956F07-0AF5-4008-AE0F-AC754E81351B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4BDDCE18-AD70-4D5B-A295-85879AD15CA7}" = protocol=17 | dir=in | app=c:\program files\siber systems\ai roboform\identities.exe |
"{4DB974E1-3604-4A81-966F-996C99936230}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{4F0A5109-84D0-44BB-A790-109AC3FEEC8D}" = protocol=17 | dir=in | app=c:\program files\yapta\yaptasettings.exe |
"{5163C7E2-BDA8-4BDD-86CC-2BFD064654FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{58E8FC9C-19BE-4CBE-9FFB-5F498905BECE}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{5A1DC797-8511-436A-AD79-058576F12F52}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{628C37BC-9B09-4F70-B032-61A98A4E03F4}" = protocol=17 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"{6519EE98-83B6-4A16-942F-8AA59351424A}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{67146EE9-1929-41AF-A8BB-648215DEDB91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{679C1439-F3D7-4CFC-8024-04BA1E1ED472}" = protocol=6 | dir=in | app=c:\program files\windows mail\winmail.exe |
"{687E8272-4BCC-40B2-90B2-8341EA97D68C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6B13E0CB-19B7-48AE-90C1-C3FF7992E389}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{6DB90BC2-8E8D-4FE0-AD43-7B71AB86266C}" = protocol=17 | dir=in | app=c:\program files\ultidev\cassini web server for asp.net 2.0\ultidevcassinwebserver2a.exe |
"{6E6349B1-9632-46B5-A507-9A023396B4F7}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\agent\agent.exe |
"{6E9DB860-F919-42C6-AAC0-A08BA17FB620}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{6FE7F10D-4B1E-4BC4-A139-AD78D5905E87}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{7118B6D4-C204-44B6-B33E-B41E50B2A1E5}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{7186009A-A5D3-46E9-9091-BD75DDDC490C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7380B378-C2D6-46BA-B559-C95FF834CE98}" = protocol=6 | dir=in | app=c:\program files\dell\mediadirect\mdirect.exe |
"{7E6CD9DB-5166-4E6C-A17F-05E77B9079A2}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{82F03D62-F85F-488C-962D-A0D5DCD43A3F}" = protocol=6 | dir=in | app=c:\program files\yapta\yaptasettings.exe |
"{84599512-F9F6-4832-9F46-7DA2D019BCDD}" = protocol=6 | dir=in | app=c:\program files\lexmark 4900 series\lxdramon.exe |
"{86089135-96F2-42C3-99A0-FEEBBC0BC44C}" = protocol=17 | dir=in | app=c:\program files\lexmark 4900 series\frun.exe |
"{89EB68FB-C5D5-42C0-927A-1B4D93A07163}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C082C5A-1D63-475B-B131-49759BD367F8}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8F527F52-88FB-4DC2-8715-76DEA6C99864}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{906A78A7-240B-43AE-A613-4F810558BFA9}" = protocol=17 | dir=in | app=c:\program files\canon\zoombrowser ex\program\zoombrowser.exe |
"{94062850-02BD-4DF0-AED9-18FCE59BFF59}" = protocol=17 | dir=in | app=c:\program files\windows mail\winmail.exe |
"{95A59516-1CC0-4612-AD7F-0BEE5F2A66A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{96443789-0E0A-40F5-B1E2-A2EFDAAC31C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97DFC081-8E47-4BA8-B33C-EB4134D9C3AA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdrpswx.exe |
"{983BC193-BB32-45A8-B76F-CAF0D1BFBA21}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{9A36DB03-1B56-42CF-A342-0AB43CFE3488}" = protocol=6 | dir=in | app=c:\program files\acronis\backupandrecovery\mms.exe |
"{9D939F04-BDA2-47FB-B589-FB05B380CAF0}" = protocol=17 | dir=in | app=c:\windows\system32\lxdrcoms.exe |
"{9E3B61B8-5CEB-4EE1-B72E-4FC50200BF07}" = protocol=17 | dir=in | app=c:\program files\dellconnect\bin\launch.exe |
"{9F2492D1-4B78-4120-BE83-9545BC5DE584}" = protocol=17 | dir=in | app=c:\program files\lexmark 4900 series\lxdramon.exe |
"{A1B8B99F-C381-4ECA-89BD-4110793375D7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A250B121-7F24-4B44-9DC8-AC0987E49D8E}" = protocol=6 | dir=in | app=c:\program files\canon\zoombrowser ex\program\zoombrowser.exe |
"{A4BF2964-60BB-41D2-8FF4-909B7B58BD66}" = protocol=6 | dir=in | app=c:\program files\canon\zoombrowser ex\program\zoombrowser.exe |
"{A9770148-CB60-4BD2-8854-2690070542B5}" = protocol=6 | dir=out | app=system |
"{B1554098-2B14-4333-AB0F-53C74A49A14E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B395FE1B-65DE-4E00-942B-1A4BB1F6B459}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B879921C-3A93-4525-8841-167B8F6A97E1}" = protocol=6 | dir=in | app=c:\program files\dellsupport\dsagnt.exe |
"{B88FD737-5383-4179-82B4-74D7539DF820}" = protocol=6 | dir=in | app=c:\program files\yapta\yaptaclient.exe |
"{B9D1E53C-69D6-49A2-B9EA-A24DA08EEABB}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{C1A3343D-F974-4C04-B72D-AF5A38D2ED05}" = protocol=6 | dir=in | app=c:\program files\yapta\yaptasettings.exe |
"{C1BC8A0D-E5FB-45B9-B40F-C7D6407E1097}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C251FD2D-08D8-46B1-860F-A8336C27CFB9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C51532F1-7B99-42F0-8CC6-D21BD55BA605}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C515716B-01E8-4E7A-BD17-1802D40D4BA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5E888C1-E51F-4A96-ABE2-DDC1EF00043C}" = protocol=17 | dir=in | app=c:\program files\acronis\backupandrecovery\mms.exe |
"{CE7B810C-CFB6-4B6E-978F-9EE45BFA4B27}" = protocol=17 | dir=in | app=c:\program files\siber systems\ai roboform\passcards.exe |
"{D46D8B0A-3347-4A18-940D-A0825B518D04}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{D669867E-A426-4DBB-9FF6-FF2C5C050BC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7F36AF8-F5CE-40B9-8B86-294DA9B2A2CA}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{DED20420-21AF-4C2C-A29E-90F31E640E04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E0E2D955-0239-43E9-BFE6-16A5A27185C2}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\agent\agent.exe |
"{E198FFB7-D2BE-4675-A12A-56BA83A8C914}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{E451030E-748F-47B0-BB8C-89CD711FD1A5}" = protocol=6 | dir=out | app=system |
"{E64F1CC6-CCCE-4421-8CC8-58F6E4AD9885}" = protocol=6 | dir=in | app=c:\program files\google\google desktop search\googledesktop.exe |
"{E66C97C6-5D24-43B7-A467-CAB0C11B70A9}" = protocol=6 | dir=in | app=c:\program files\siber systems\ai roboform\identities.exe |
"{EBD8BA44-6B9E-4B4A-884A-A3A8D5FA39BF}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{ED6CBBD3-6B02-4778-B34E-BD25CBF4565F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EEF28060-ABC8-4E21-B759-3857B8E1DD11}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{F67336F7-A63F-42DA-88F4-149A08AE938A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{F91C501A-C12A-4608-8DAB-F04D5DE3150A}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{FA189B96-D168-4193-9B46-5844411F2853}" = protocol=17 | dir=in | app=c:\program files\yapta\yaptaclient.exe |
"{FBF9A702-9BC3-4278-8243-4F94D0EB00E9}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{FD1C8B6A-D6B6-4DD5-925E-F164F66A2785}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{FD99BE28-A2EA-4564-9358-F518BCE3C6C8}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"TCP Query User{17DA61C3-4E9D-4C9C-84F2-8C753AC32844}C:\program files\webguide\webguide4\bin\webguide_configuration.exe" = protocol=6 | dir=in | app=c:\program files\webguide\webguide4\bin\webguide_configuration.exe |
"TCP Query User{3D534813-C883-45F3-A789-39270E6E86AC}C:\windows\system32\ctmweb.exe" = protocol=6 | dir=in | app=c:\windows\system32\ctmweb.exe |
"TCP Query User{3EA75441-6FFA-4025-8173-E7BB13E26274}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C83D8481-DADE-4A8D-9C67-B6ECB53C5CD7}C:\program files\msgtag\msgtag.exe" = protocol=6 | dir=in | app=c:\program files\msgtag\msgtag.exe |
"TCP Query User{D2EF6CCE-7207-4147-934C-88127C2D73FC}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{D2F82F5E-FD86-4665-A18B-E84EE1C6F72D}C:\program files\gametap\bin\release\gametap.exe" = protocol=6 | dir=in | app=c:\program files\gametap\bin\release\gametap.exe |
"TCP Query User{D43BA8D4-F7BF-4050-9284-AB50D651E5B5}C:\program files\msgtag\msgtag.exe" = protocol=6 | dir=in | app=c:\program files\msgtag\msgtag.exe |
"TCP Query User{F89360A3-D292-4764-BEC1-6DBB953E01F1}C:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe" = protocol=6 | dir=in | app=c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe |
"UDP Query User{06A092FC-C5E1-4046-BC54-5E33034856D3}C:\program files\webguide\webguide4\bin\webguide_configuration.exe" = protocol=17 | dir=in | app=c:\program files\webguide\webguide4\bin\webguide_configuration.exe |
"UDP Query User{636FDF6B-88D1-4B9F-8F44-CB1FF52F4E2F}C:\program files\msgtag\msgtag.exe" = protocol=17 | dir=in | app=c:\program files\msgtag\msgtag.exe |
"UDP Query User{7352AE6C-4A27-47FB-8819-6698C3D849DD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9861C908-5E46-4321-ABBC-5E620546A5B4}C:\program files\gametap\bin\release\gametap.exe" = protocol=17 | dir=in | app=c:\program files\gametap\bin\release\gametap.exe |
"UDP Query User{A04EEB63-2E58-4A23-AFAC-0399D4CFE036}C:\program files\msgtag\msgtag.exe" = protocol=17 | dir=in | app=c:\program files\msgtag\msgtag.exe |
"UDP Query User{BD635C9A-0907-4FD2-AFE2-675FAC3D1227}C:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe" = protocol=17 | dir=in | app=c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe |
"UDP Query User{D1EF9AE5-0B50-4485-83E1-43185B9540DF}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{EDAF5A29-FFD8-420C-AA2B-5BA4D35D771F}C:\windows\system32\ctmweb.exe" = protocol=17 | dir=in | app=c:\windows\system32\ctmweb.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Camera Window DVC
"{001EB665-D9EC-415E-9E13-AD2125B2B992}" = RAW Image Task 2.1
"{0665E2D2-2CF0-47C3-A0BA-11DCEFB0636F}" = Acronis Backup & Recovery 10 Upgrade Tool
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07F6BABF-0653-41A0-BCB7-8C2148AD2F1A}" = Acronis Backup & Recovery 10 Tray Monitor
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40247AAC-AB0D-449C-882F-90401C3351E8}" = UltiDev Cassini Web Server Explorer
"{493BAF04-DA99-9257-B343-E17BB5E687A3}" = ATI Catalyst Control Center Ex
"{4FB3E151-3AFE-458B-8DE8-D8913CCB2527}" = Acronis Backup & Recovery 10 Standalone Management Console
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = MovieEdit Task
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Camera Window DS
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E4BEB77-BEA9-4544-AB74-06EDE6CE3D39}" = Comcast User Setup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89EB3ED7-225A-412E-B048-623D502C000F}" = Camera Window MC
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90859A61-C317-48B9-8E31-4B742611FD19}" = Acronis Backup & Recovery 10 Agent
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C9C0C251-3ECD-4DBC-A30F-1D996BC78400}" = WebGuide4
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D032F86A-0539-4737-816A-1AB40F1BF14D}" = C4USelfUpdater
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D9C8DEF8-D07B-4164-BEF0-6D879A70C212}" = Microsoft Easy Assist v2
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F477D623-9670-430C-87A5-997EF5F66D6D}" = Malwarebytes' Anti-Malware IP Policy Shortcuts
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{F6C8DAED-8CC7-43FD-9DA4-1F629B873A17}" = UltiDev Cassini Web Server for ASP.NET 2.0
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE361859-B039-4E17-96AC-D111183DCF99}" = Acronis Backup & Recovery 10 Bootable Components and Media Builder
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Accent_on_Interactivity_1.0" = Accent on Interactivity 1.6
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AI RoboForm" = AI RoboForm (All Users)
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ComcastToolbar" = Comcast Toolbar
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"esClient" = Echospin Delivery Wizard
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.508
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Indeo® software" = Indeo® software
"InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"Lexmark 4900 Series" = Lexmark 4900 Series
"Malwarebytes' Anti-Malware IP Policy Shortcuts" = Malwarebytes' Anti-Malware IP Policy Shortcuts
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"MSC" = McAfee SecurityCenter
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneClone_is1" = TuneClone 1.20
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"Yahoo! Photos Easy Upload Tool" = Yahoo! Photos Easy Upload Tool
"Yapta" = Yapta
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 8/17/2008 12:00:03 AM | Computer Name = MICHELLE-PC | Source = SPP | ID = 12290
Description =
Error - 8/18/2008 12:56:04 AM | Computer Name = MICHELLE-PC | Source = SPP | ID = 12290
Description =
Error - 8/19/2008 11:02:43 PM | Computer Name = MICHELLE-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 8/19/2008 11:02:47 PM | Computer Name = MICHELLE-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 8/20/2008 7:50:09 AM | Computer Name = MICHELLE-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
faulting module AcroRd32.dll, version 8.1.2.86, time stamp 0x478854a9, exception
code 0xc0000005, fault offset 0x000961a2, process id 0xf64, application start time
0x01c902ba5ac82ad0.
Error - 8/20/2008 7:21:03 PM | Computer Name = MICHELLE-PC | Source = EventSystem | ID = 4622
Description =
Error - 8/20/2008 7:21:03 PM | Computer Name = MICHELLE-PC | Source = EventSystem | ID = 4621
Description =
Error - 8/21/2008 1:45:12 AM | Computer Name = MICHELLE-PC | Source = SPP | ID = 12290
Description =
Error - 8/21/2008 7:51:35 AM | Computer Name = MICHELLE-PC | Source = EventSystem | ID = 4621
Description =
Error - 8/21/2008 9:07:50 PM | Computer Name = MICHELLE-PC | Source = SPP | ID = 12290
Description =
[ Media Center Events ]
Error - 7/8/2009 8:07:22 PM | Computer Name = MICHELLE-PC | Source = Mcx2Dvcs | ID = 401
Description =
Error - 7/8/2009 8:18:55 PM | Computer Name = MICHELLE-PC | Source = Mcx2Dvcs | ID = 405
Description =
Error - 7/8/2009 8:21:24 PM | Computer Name = MICHELLE-PC | Source = Mcx2Dvcs | ID = 405
Description =
Error - 7/15/2009 6:39:29 PM | Computer Name = MICHELLE-PC | Source = Mcx2Dvcs | ID = 405
Description =
Error - 7/15/2009 8:30:14 PM | Computer Name = MICHELLE-PC | Source = Mcx2Dvcs | ID = 405
Description =
Error - 7/15/2009 8:34:09 PM | Computer Name = MICHELLE-PC | Source = Mcx2Dvcs | ID = 405
Description =
Error - 7/17/2009 7:30:39 PM | Computer Name = MICHELLE-PC | Source = Mcx2Svc | ID = 301
Description =
Error - 7/17/2009 7:31:03 PM | Computer Name = MICHELLE-PC | Source = Mcx2Svc | ID = 301
Description =
Error - 7/17/2009 7:31:26 PM | Computer Name = MICHELLE-PC | Source = Mcx2Svc | ID = 301
Description =
Error - 7/17/2009 7:31:47 PM | Computer Name = MICHELLE-PC | Source = Mcx2Svc | ID = 301
Description =
[ OSession Events ]
Error - 2/7/2009 6:43:34 PM | Computer Name = MICHELLE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6808
seconds with 480 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 9/9/2009 5:34:04 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 9/9/2009 5:34:30 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 9/9/2009 5:34:31 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 9/9/2009 5:34:42 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 9/9/2009 5:34:42 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 9/9/2009 5:34:53 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 9/9/2009 5:34:53 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 9/9/2009 5:34:59 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 9/9/2009 5:34:59 AM | Computer Name = MICHELLE-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 9/9/2009 5:37:22 AM | Computer Name = MICHELLE-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:35:29 AM on 9/9/2009 was unexpected.
< End of report >