serious freezing issue



#1
perplexed_77

Apparently, I posted this in the wrong area of the site initially. I'm here now. So, here is my repost.

Hello all. I'm not new here, but this is my first post, as I'm totally stumped. Usually the Malware scan fixes me up and I'm gone, but not this time. What I'm getting is total freezing on my laptop anywhere from 2 to 30 minutes after a boot. I have to do a hard power down, which I'm sure is killing my machine slowly. Malware scan initially found 1 trojan (Bifrose) and removed it, but the problem persisted. I ran several other trusted scans from the net and altogether found another 3 or 4 trojans and a Backdoor. Removed without hassle. STILL freezing.



NOTE: I CANNOT get GMER to complete, so I don't have a log for that. It fails right away.

Let me know if you need anything else. I hope someone can help me. I'm going mental over here.
Thank you

Here are my logs...


Malwarebytes' Anti-Malware 1.44
Database version: 3794
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

2/25/2010 9:45:43 PM
mbam-log-2010-02-25 (21-45-43).txt

Scan type: Quick Scan
Objects scanned: 112915
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)


OTL logfile created on: 2/25/2010 10:09:34 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Jay\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.40 Gb Total Space | 109.32 Gb Free Space | 49.38% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 2.17 Gb Free Space | 18.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAY-PC
Current User Name: Jay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/25 21:48:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/31 10:25:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/04/11 01:27:39 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/08 14:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/10/25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/24 08:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/10/15 01:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/06/02 02:55:22 | 000,080,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/19 21:27:50 | 000,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007/12/06 16:13:22 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/12/05 18:30:40 | 000,144,688 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2007/10/03 18:15:40 | 000,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/10/03 17:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 17:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/09/26 10:34:40 | 000,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2007/08/28 07:43:14 | 000,252,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2007/08/28 07:43:10 | 000,137,752 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007/08/28 07:43:02 | 000,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007/08/23 16:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/07/10 09:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/06/30 05:14:36 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2007/06/06 04:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe
PRC - [2007/05/22 02:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2007/04/24 18:24:16 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbfcoms.exe
PRC - [2007/01/09 04:25:30 | 000,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe


========== Modules (SafeList) ==========

MOD - [2010/02/25 21:48:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/08 11:31:36 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/07/08 11:31:32 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/07/08 11:31:12 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2009/03/30 21:13:44 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/01/30 21:09:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 22:20:56 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 22:20:52 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/12/05 18:30:40 | 000,144,688 | R--- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2007/10/03 17:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/19 20:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/08/23 16:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/07/10 09:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/04/24 18:24:16 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbfcoms.exe -- (lxbf_device)
SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/09 04:25:30 | 000,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 06:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...o&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...o&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...o&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/09/19 20:13:34 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics....com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Jay\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jay\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/27 22:56:47 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{1025f0e9-9670-11dd-a377-001eec768616}\Shell - "" = AutoRun
O33 - MountPoints2\{1025f0e9-9670-11dd-a377-001eec768616}\Shell\AutoRun\command - "" = F:\Lw_3.0.1.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:34:27 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/25 21:48:50 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2010/02/25 21:03:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/25 21:03:06 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/25 21:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/25 21:01:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/25 21:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/25 20:57:45 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Jay\Desktop\TFC.exe
[2010/02/25 20:43:02 | 000,000,000 | ---D | C] -- C:\Users\Jay\Documents\Simply Super Software
[2010/02/25 20:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/02/25 13:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/02/25 00:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware
[2010/02/24 01:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bifrose Trojan Removal Tool[1]
[2010/02/22 19:34:06 | 000,000,000 | ---D | C] -- C:\Users\Jay\Desktop\Linkword_language_Portuguese_1-2&3
[2008/08/18 00:41:23 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbfserv.dll
[2008/08/18 00:41:23 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbfusb1.dll
[2008/08/18 00:41:23 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbfpmui.dll
[2008/08/18 00:41:23 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbflmpm.dll
[2008/08/18 00:41:23 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbfinpa.dll
[2008/08/18 00:41:23 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbfiesc.dll
[2008/08/18 00:41:23 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBFhcp.dll
[2008/08/18 00:41:23 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbfprox.dll
[2008/08/18 00:41:23 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbfpplc.dll
[2008/08/18 00:41:22 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbfhbn3.dll
[2008/08/18 00:41:21 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomc.dll
[2008/08/18 00:41:21 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomm.dll

========== Files - Modified Within 14 Days ==========

[2010/02/25 22:11:30 | 003,670,016 | -HS- | M] () -- C:\Users\Jay\ntuser.dat
[2010/02/25 22:09:16 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/02/25 22:06:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/25 22:06:37 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/25 22:06:37 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/25 22:06:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/25 22:06:23 | 3210,756,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/25 22:05:28 | 000,524,288 | -HS- | M] () -- C:\Users\Jay\ntuser.dat{b9221454-12c4-11df-abe5-001eec768616}.TMContainer00000000000000000001.regtrans-ms
[2010/02/25 22:05:28 | 000,065,536 | -HS- | M] () -- C:\Users\Jay\ntuser.dat{b9221454-12c4-11df-abe5-001eec768616}.TM.blf
[2010/02/25 21:48:58 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\OTL.exe
[2010/02/25 21:47:22 | 000,284,915 | ---- | M] () -- C:\Users\Jay\Desktop\gmer.zip
[2010/02/25 21:03:10 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/25 21:00:52 | 000,000,733 | ---- | M] () -- C:\Users\Jay\Desktop\NTREGOPT.lnk
[2010/02/25 21:00:52 | 000,000,714 | ---- | M] () -- C:\Users\Jay\Desktop\ERUNT.lnk
[2010/02/25 20:57:51 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Desktop\TFC.exe
[2010/02/25 18:17:56 | 000,089,600 | ---- | M] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/23 12:08:49 | 000,123,696 | ---- | M] () -- C:\Users\Jay\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/23 12:07:43 | 000,435,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/18 20:35:02 | 733,952,000 | ---- | M] () -- C:\Users\Jay\Documents\The.Bad.Lieutenant.Port.of.Call.New.Orleans.LIMITED.DVDRip.XviD-NeDiVx.avi
[2010/02/13 02:49:51 | 127,762,260 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2010/02/25 22:06:23 | 3210,756,096 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/25 22:06:23 | 3210,756,096 | -HS- | C] () --
[2010/02/25 21:47:18 | 000,284,915 | ---- | C] () -- C:\Users\Jay\Desktop\gmer.zip
[2010/02/25 21:03:10 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/25 21:00:52 | 000,000,733 | ---- | C] () -- C:\Users\Jay\Desktop\NTREGOPT.lnk
[2010/02/25 21:00:52 | 000,000,714 | ---- | C] () -- C:\Users\Jay\Desktop\ERUNT.lnk
[2010/02/25 20:43:01 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/02/25 20:43:01 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar3.dll
[2010/02/25 20:43:01 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/02/25 20:43:01 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/02/18 19:01:21 | 733,952,000 | ---- | C] () -- C:\Users\Jay\Documents\The.Bad.Lieutenant.Port.of.Call.New.Orleans.LIMITED.DVDRip.XviD-NeDiVx.avi
[2010/02/05 20:58:36 | 000,000,036 | ---- | C] () -- C:\Users\Jay\AppData\Local\housecall.guid.cache
[2009/09/28 22:50:02 | 000,002,328 | ---- | C] () -- \RootRepeal report 09-28-09 (23-50-02).txt
[2009/09/21 22:46:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/19 16:39:11 | 000,000,680 | ---- | C] () -- C:\Users\Jay\AppData\Local\d3d9caps.dat
[2009/08/29 19:22:23 | 000,000,000 | ---- | C] () -- C:\Users\Jay\AppData\Local\FnF4.txt
[2009/06/05 02:40:50 | 000,000,150 | ---- | C] () -- \lxbf.log
[2008/10/02 20:34:18 | 000,009,496 | ---- | C] () -- \avi_log.txt
[2008/10/02 20:34:13 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/10/02 20:34:13 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/10/02 20:34:13 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008/10/02 20:34:13 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008/09/04 15:11:30 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/08/18 00:41:24 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBFinst.dll
[2008/08/18 00:41:23 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbfutil.dll
[2008/08/17 21:10:50 | 000,000,403 | ---- | C] () -- C:\Windows\lexstat.ini
[2008/08/17 21:03:06 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2008/08/17 21:03:06 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2008/08/16 17:02:23 | 000,000,522 | ---- | C] () -- \BDELog.txt
[2008/08/11 20:51:23 | 000,089,600 | ---- | C] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/11 19:38:44 | 000,000,000 | ---- | C] () -- C:\Users\Jay\AppData\Local\QSwitch.txt
[2008/08/11 19:38:44 | 000,000,000 | ---- | C] () -- C:\Users\Jay\AppData\Local\DSwitch.txt
[2008/08/11 19:38:44 | 000,000,000 | ---- | C] () -- C:\Users\Jay\AppData\Local\AtStart.txt
[2008/08/11 19:27:49 | 000,000,373 | -H-- | C] () -- \IPH.PH
[2008/06/23 20:55:15 | 000,155,648 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008/06/23 20:39:41 | 3524,546,560 | -HS- | C] () --
[2008/02/08 01:49:06 | 000,333,257 | RHS- | C] () -- \bootmgr
[2007/12/27 16:05:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/08/20 07:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 07:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/20 07:10:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/03/10 06:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/02/22 17:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbfcoin.dll
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:09 | 000,000,074 | ---- | C] () -- \autoexec.bat
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2006/02/25 13:09:38 | 000,774,144 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006/01/12 09:24:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbfvs.dll
[2005/09/13 16:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbfcnv4.dll

========== LOP Check ==========

[2010/02/25 15:43:15 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/13 01:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2007/09/30 01:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/09/30 07:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\SwSetup\Drivers\IMSM\Files\64\iastor.sys
[2007/09/30 01:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/09/30 07:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\SwSetup\Drivers\IMSM\Files\32\iastor.sys
[2007/09/30 01:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/30 01:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 21:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/01/20 21:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/09/04 15:11:30 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Jay\Documents\The Wrestler[2008]DvDrip-MAX.avi:TOC.WMV
@Alternate Data Stream - 16 bytes -> C:\Users\Jay\Documents\Payments:Shareaza.GUID
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:1299CD38
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:FD474014
< End of report >


OTL Extras logfile created on: 2/25/2010 10:09:34 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Jay\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.40 Gb Total Space | 109.32 Gb Free Space | 49.38% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 2.17 Gb Free Space | 18.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAY-PC
Current User Name: Jay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0139172C-FF69-4CBC-8E41-52EBED084186}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{013E01C4-7497-4208-90D7-EB231952E846}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{040A3B57-BA66-4A34-A5B9-65750FC52800}" = lport=445 | protocol=6 | dir=in | app=system |
"{067A1B0B-6C7A-4EAF-87C3-764ECECBF47A}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{08111FAD-F77D-42D1-ABFA-3BA80513C36D}" = lport=2178 | protocol=6 | dir=in | app=system |
"{094843F2-81F9-42C3-A809-0AF73AAD010B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{095E5210-F784-4286-A307-8C22FDEB7BAF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0B69350E-19BD-4EE1-ACED-CD3A00A6B415}" = lport=6346 | protocol=6 | dir=in | name=shareaza |
"{164FEA01-AAF8-4B43-BDD1-9D4C683069EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{16D93E9A-13AD-482C-AC33-C2A4BF74FEF2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{18020DF9-BC6C-4CAD-9BFE-029820C99BC2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{2149C136-20DB-41BC-AABD-E23819AE6BA5}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{224DF3EB-3CE2-4FAF-A18D-EDBB80E4A3D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{23757316-26B2-49AC-9740-0CF75A3B8594}" = lport=445 | protocol=6 | dir=in | app=system |
"{25267BE5-7C00-4DFE-AB3C-071E96122BBF}" = lport=10244 | protocol=6 | dir=in | app=system |
"{2672D2F5-6952-4927-97E1-0DB19C97D67C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{27E80847-3317-42A0-93B9-A1102CB7C450}" = lport=445 | protocol=6 | dir=in | app=system |
"{2A767673-12B5-4971-ADBF-069FD4645D63}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{2E19B3ED-6631-45DD-A743-FBADBFD96231}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{31741F64-F059-4C7C-A2E8-CCDBA70F5D6E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{3798A59B-C759-47EF-BFFF-A5D0123DB9AE}" = lport=138 | protocol=17 | dir=in | app=system |
"{39D3B2AD-7213-463B-8F86-69A9CFBCABAF}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{3EEDD585-65B1-450E-B15D-C6B62419929E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{40A1E55F-7F0A-4140-BDAE-44489FB8BE74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{4234AB03-4E54-47C0-A16F-C190224B80D9}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{4537D50D-9EE0-41C0-9DFA-BAB2F0420F8A}" = lport=5357 | protocol=6 | dir=in | app=system |
"{484714BE-B95D-45E3-A8DA-740326AC5288}" = lport=445 | protocol=6 | dir=in | app=system |
"{4DF95700-547D-44C3-917C-E52EAB9AB837}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{4E496CE2-5672-44E9-B10C-D2A0187D5C97}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{4ED2E711-D3DE-48AA-98ED-DB1F173E1899}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{54DD3DB8-DBBB-4CC1-A951-C5EF27C18022}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{55D34C53-D8CD-4E77-894D-7C039D909BE0}" = rport=5358 | protocol=6 | dir=out | app=system |
"{5624EDFF-B877-4DC0-9B65-B0D12D3650F9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{572DB851-7FC1-4D21-AE99-955EB2146B52}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{5B97555C-864C-4946-A7AE-47DC16FDBD48}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{5BA43A35-8481-473A-93AD-B30A2A2FA6D1}" = rport=138 | protocol=17 | dir=out | app=system |
"{5C1DCDA5-0980-49B9-957D-A3DAD4504230}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{5DB00F80-3775-46F3-A48E-0ED4294BDB8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{5E31D87E-15C4-41C6-BB0D-C08C0562AA55}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |
"{6A0C6CD9-EB58-48C9-931D-4C019089974D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{6D3B40BE-68DE-4376-8A76-D4BD89CED362}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{6E58C2F5-6956-41FA-902E-A6B235DA57E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{710C1FF5-8BBE-4090-B58C-FB05E6430EA2}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{7370BBE3-B1A5-465B-B2D3-E90E5630AAB6}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |
"{76D41DCD-0B24-46E3-AC53-258874712146}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{77D9161F-5A58-4DAB-B92F-85D4992589A3}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe |
"{77D97B19-EB60-41B3-B7FA-53EC95A0700B}" = lport=5358 | protocol=6 | dir=in | app=system |
"{78A9E70A-A9CF-4151-B8C8-D9605D646897}" = rport=1723 | protocol=6 | dir=out | app=system |
"{7A90DEF4-C459-4782-9E52-589795137EC7}" = rport=137 | protocol=17 | dir=out | app=system |
"{7AC0B276-1691-4488-B71F-3BD9D772F393}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{7B26B37F-0918-4393-958C-607A9A79F380}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{7B494E58-DDA1-43FB-B0D9-FC7E26193102}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{7C1E6E25-658E-4825-8C45-ECE39138D3B3}" = rport=445 | protocol=6 | dir=out | app=system |
"{8203D683-286F-43A9-9A04-D37F9D5B2A1D}" = lport=443 | protocol=6 | dir=in | app=system |
"{859010D0-8E29-4365-A8A4-97BF72BA6D3D}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{85ED2049-420F-4F8E-B4B7-F99F6481924B}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{87221B9A-2145-4C80-816D-3E52897DDEE3}" = lport=1701 | protocol=17 | dir=in | app=system |
"{8F34CEC1-5FB9-4ED3-97F4-F52ADCE07118}" = rport=2178 | protocol=6 | dir=out | app=system |
"{9222ED9E-3F4C-4182-8A8E-A898B938EFAD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9B4CD4E2-7584-456F-99FF-30767F480F84}" = rport=139 | protocol=6 | dir=out | app=system |
"{9BB45078-4352-42B7-9069-B96D1C90C90B}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{9DBCFA1E-DC2D-4739-9588-CC69AC350D03}" = lport=3390 | protocol=6 | dir=in | app=system |
"{9DED5522-B42C-40F8-9E60-7A618967B32B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{A72551C9-03A6-44FC-BB30-F0EF34C09CEE}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{A736ED6F-1BF7-438D-9184-9F69CDABAB9A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{A845C35E-09EA-4BFC-A997-D809DCAE22C0}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{AC648354-AE62-4C37-8216-4FB6CA4E55C7}" = lport=137 | protocol=17 | dir=in | app=system |
"{B67A20F1-CD6B-46B5-B73F-095F9ACABA72}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe |
"{BAF73ADE-5225-4DA9-BA86-97E91C4BA879}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{BC4EFE33-63C2-4C53-95EE-D54C5266DF25}" = rport=1701 | protocol=17 | dir=out | app=system |
"{BE53D683-CF78-4888-8E42-AAD1790B27C6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{BE895B05-E6FE-4D35-9B84-D2E82DCCC18C}" = rport=5357 | protocol=6 | dir=out | app=system |
"{C24A272E-CF9C-4C46-B359-DE7A4536D454}" = lport=139 | protocol=6 | dir=in | app=system |
"{C3930EE3-8361-4892-B8C8-C169C605909A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C4340FC6-E7C7-4807-AC67-FBED2EF1B00B}" = lport=80 | protocol=6 | dir=in | app=system |
"{C5291EC9-03A0-4491-AB0F-491A770F6F7C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{CBF9FF22-681B-4FE1-A1AA-01A60B53991E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{CCB361F3-682A-49B9-94A9-4B2855DD0161}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D605BE07-858D-49AE-A054-4624B056EE8A}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{D6FD2BA5-DF98-4EAD-BCAB-AB93055E4346}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{D7B38AFB-DE0F-41AC-89E9-2FE277A0F286}" = lport=445 | protocol=6 | dir=in | app=system |
"{D7ED452E-AF28-4B44-91AE-1FD0F458C5D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{DD96B13C-A32F-415C-9A92-77D401E301BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{DDB4F525-4D4D-457C-A149-3DA4CDDDD081}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E2CF4CB9-AE14-41F7-B15D-F67C9E63BFDC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{E671A6EE-DBBE-48F2-9DEC-75AFB16BCDB1}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{E77CB3CC-4CB9-4CEC-B711-C9901A386015}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E8997146-51D5-4003-B2FB-3F8E34E91C2A}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{EC07B8B6-699E-444E-8CF9-633CB0BA7573}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{EF260929-E210-402A-B4F2-BB78CD6D1B45}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F03B78A0-7EB1-4253-A9B0-80B920EEF8FA}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{F0C20ADC-17B9-49B6-8E71-A5E747B1D198}" = lport=1723 | protocol=6 | dir=in | app=system |
"{F12C1307-AA0B-407E-B65D-2C841EA967DC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F1C2B211-E8C3-41F3-ADD3-8C2DFCBA3E88}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{F45B0E2A-4DD8-4ABF-88E3-9251BA883838}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{F95F4CA4-9A0A-4C5A-AB2B-E61FD5F4C67C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{FC5A374F-7B60-4753-BAC7-12386607096E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{FD25DF4F-0C3C-4C6A-9BFD-B01E391FB779}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FEED7BB7-D0FB-45F5-BBD0-30327E2283A9}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008FA9B1-2A63-4C71-A6D4-6487BAFDD144}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbfpswx.exe |
"{06C74E53-7EBE-4BAA-8488-4B9D4BF27019}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{0A087BE7-7B9A-4839-B0CE-6B9227279E92}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{0D4B820C-DEAA-4035-A019-784F715B3EB5}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{1047D27E-77FC-463D-AB30-8E0126BC1500}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{1102374A-8557-4E50-9725-150F6A74DB08}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{1CA3F45F-E77B-4885-95A6-8DB1ABAE1758}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{1DAA67C9-A8D4-4972-98EF-331FB3330C8D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1F708E8D-E933-4257-A379-EC5B8EC6B40C}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{2133A095-F898-4512-80B8-40396EB3CADD}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{28984C7F-0ECB-43BB-8DE8-BDDBA066A4F8}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{2B499ABD-C47F-480C-91A0-9EF8B15F3DA2}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{2F680738-CE85-4C5D-9ABB-F946BD2E2E28}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{31B9F400-6F32-40F6-945B-A564563E2AEF}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{32BE5430-B82C-45D0-8AD8-CD33DFD3E6F5}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{43289CDF-FCAC-4013-86CC-FF63DEC04A4C}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{462F7076-BD88-4FE8-9B13-85222CBD9996}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4837C3AF-DF87-42B0-8E15-0F2959EA02AB}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{50698F16-448B-4885-9702-9259322C376F}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{50822797-4670-4B5B-AFE1-FB4639DAD9AA}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{510A2B05-3CC2-428D-8B50-A45D00E16DD6}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe |
"{5647EDD0-D9BE-48F9-8DA6-21D3C055361B}" = protocol=17 | dir=in | app=c:\windows\system32\p2p networking\p2p networking.exe |
"{5A2E44E1-EB43-4EF6-8644-04D2BA333C6B}" = protocol=17 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{5CCE8153-BCE5-4B3F-9149-53BC7116AAB8}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{5DBFF4D6-8A9D-40FD-A9AF-2C104DAA7163}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{5DEA40DC-0E7F-458F-8626-EBE23974CB41}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{60DBBE2B-E8F1-4CC8-9AA9-D52452BF9D38}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{61E2B029-6478-4220-BA1D-F21E67E33BD0}" = dir=in | app=support inrosettastoneltdservices.exe |
"{69D868E8-9B87-4835-B624-64C9D1F96567}" = protocol=6 | dir=in | app=c:\windows\system32\p2p networking\p2p networking.exe |
"{6CCFE986-81BB-4A74-B878-F91E0CB000D0}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{6FAA8710-5F8C-4875-BE76-15B0E4489B30}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7591D499-0E8D-4902-A8F8-9CE958964E66}" = protocol=6 | dir=out | app=system |
"{77D111D1-AD4B-47D5-953E-12D617B6D351}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{788F5131-2A82-477F-A74A-8418E071F4A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{78F5E097-938B-4230-A05E-E5C2F241A798}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{81E7793D-41C7-4462-91CF-A43C3E0E153A}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{838CB2A9-1A74-4E1B-B2CA-97CC2B22AAC4}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{84A639B2-0CC3-4E2A-B08F-91D93B199176}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{8C74AC31-8C4D-4E60-B450-663550C97E59}" = protocol=58 | dir=in | app=system |
"{8D126042-2D25-4857-BB0E-2EF9ED2F534D}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{8D9874DB-8232-4B69-8ECB-5A8940B1D3DE}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{90D21875-FF76-4045-B555-23809BFE5244}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{90F92AB2-229A-486E-8BD1-3343A29A167E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9223A0B6-9126-4C15-AF6F-322A7736920C}" = protocol=58 | dir=out | [email protected],-203 |
"{9A17D314-EB00-4E1E-B5E1-DB984341557D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{9AB184A1-042C-4187-AB47-DDEB20E9619F}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{9AC3E0E4-6A89-4BB5-8358-217DD5CECEB5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9F590B81-2477-4F7B-9B1C-A85E5E020168}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{A4168BF6-FB8A-4E74-8249-2E4A7330B6DE}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{A92DB384-DFA5-4837-B6BE-B3F67497FBD2}" = dir=in | app=rosettastoneversion3.exe |
"{A99068A2-0937-4EF6-A461-9C033111C220}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{AA0A5D08-1706-480C-B373-BCD46674BA48}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{AC8A3F15-E996-4226-8358-A1C4456E9933}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{B5BB2CE2-AD17-44BD-BA28-CE7681A52141}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{B9993EAD-E422-4BE2-9BEB-7B940A94C847}" = protocol=6 | dir=out | app=rosettastoneversion3.exe |
"{BA82EC5F-0729-4F79-A8C1-87D0FEB97B64}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{BF5C79B3-B148-4219-90E8-08567CC591CF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C191FED3-CD2E-400D-8684-A5DA2D3093BA}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{C1CB916B-BED7-4880-8492-1FDA041DECD9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{CBE5322F-A2D1-4EEA-AD83-D640D99DD587}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{D0181748-DC89-435A-9480-63E3EB557BBC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D17C751C-3925-4E3B-A22D-62B482D930BC}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{D2B69211-5ED5-410F-8067-A744EBA36CBF}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{D32AF9D1-E791-49B5-9A7B-17E26DE03736}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{D4069A23-4D82-4FCF-9CFD-1A8079ED6AA9}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{D4A9E3F1-0B7E-4529-8D7B-0B5611161975}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{E03AAE17-B995-41C9-AE06-9F41B52B0AE1}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{E82215B1-8B6D-4F82-AFBF-B807EF65DB12}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{EA5540EC-9297-44B7-9F41-42E3C2A6EE10}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe |
"{EDAE6B75-D16A-4648-9983-479606B1C316}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{F3064A1E-4A5C-4A5C-A8DD-142212BE4C9A}" = protocol=6 | dir=out | app=support inrosettastoneltdservices.exe |
"{F4899B11-5D3D-4750-AEF6-4D22B29AB8B5}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{F5F14B46-29F6-4FB3-9D8F-A6ECA49F1E19}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{F803A2B5-2B4C-4224-9CC5-EF57EA41CBC5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbfpswx.exe |
"{FA9F66C6-ABA9-43B6-A3F9-2C65B078AF18}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{FB30AF3B-4102-4DF6-A856-EB71DBA12FEA}" = protocol=6 | dir=out | app=system |
"TCP Query User{435FB965-4284-4871-AE81-D05F6B9CB2BF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6D0776AC-144E-4781-A6B2-A8F3FF27BA1E}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{75C50588-8621-4C3C-A1F9-C8154DF5C8BA}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"TCP Query User{8BDFF831-4320-486F-9107-027B9517669B}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"TCP Query User{97FED9F0-C5E7-4A01-AE9F-4B9A7F8CC4CA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CE2D0FC1-D467-48F7-A942-729C07B6C90B}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{DF01D4FE-AE07-4FDF-AD91-C35DAAC9BA15}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{EDBC6941-FBB5-45AD-99D6-5D7C140F7C6F}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{0155BCB5-9DB3-45A5-8932-5CEDC9327966}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"UDP Query User{02780806-85E9-43ED-B824-4EBA2E97036A}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"UDP Query User{18178F63-4D2A-420E-ACD6-3D500AD05319}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{4F1803EE-8D6D-49B8-8F07-BF88334B42D6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{574F6C3B-1689-42C5-8263-B732006493FF}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{A65582AB-4D10-4B4D-9CB4-44DA83CCBB4C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D9FF1D17-2865-40F7-99CC-ADA6A0306469}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{FC319165-3B04-4622-8BD0-7CDA902653A9}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{25771101-7948-4591-ABF3-B1ECE7A7F45F}" = HP Update
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 18
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{46A8F476-BDB6-4667-A2A7-43B917220B38}" = easyOFFER 2009 TREB
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{85833A03-476B-43B3-B61C-5EB946DBF6E4}" = HP User Guides 0092
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258h
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10619EA-8F56-445F-AA98-6EF208E4864F}" = BlackBerry v4.2.1 for the 8700 Series Wireless Handheld
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast!" = avast! Antivirus
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DirectVobSub" = DirectVobSub (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Lexmark X6100 Series" = Lexmark X6100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Shareaza_is1" = Shareaza 2.5.1.0
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Soulseek" = SoulSeek Client 156c
"TVWiz" = Intel® TV Wizard
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2/5/2010 10:54:12 PM | Computer Name = Jay-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

[ Application Events ]
Error - 7/11/2009 6:05:18 PM | Computer Name = Jay-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/11/2009 6:05:18 PM | Computer Name = Jay-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/18/2009 9:34:18 AM | Computer Name = Jay-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/18/2009 10:58:20 AM | Computer Name = Jay-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/18/2009 5:19:28 PM | Computer Name = Jay-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/18/2009 7:36:59 PM | Computer Name = Jay-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18226, time stamp
0x49ac95d6, faulting module mshtml.dll, version 7.0.6001.18226, time stamp 0x49acb49d,
exception code 0xc0000005, fault offset 0x000348c4, process id 0x1338, application
start time 0x01ca07eea0522608.

Error - 7/19/2009 12:41:09 PM | Computer Name = Jay-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/21/2009 5:15:06 PM | Computer Name = Jay-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/21/2009 8:47:53 PM | Computer Name = Jay-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/22/2009 10:31:33 PM | Computer Name = Jay-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 8/28/2008 6:29:14 AM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/18/2009 3:32:37 PM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/16/2009 3:26:50 PM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 2/25/2010 10:40:03 PM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/25/2010 10:55:58 PM | Computer Name = Jay-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:53:39 PM on 25/02/2010 was unexpected.

Error - 2/25/2010 10:56:26 PM | Computer Name = Jay-PC | Source = DCOM | ID = 10005
Description =

Error - 2/25/2010 10:56:35 PM | Computer Name = Jay-PC | Source = DCOM | ID = 10005
Description =

Error - 2/25/2010 10:56:38 PM | Computer Name = Jay-PC | Source = DCOM | ID = 10005
Description =

Error - 2/25/2010 10:56:41 PM | Computer Name = Jay-PC | Source = DCOM | ID = 10005
Description =

Error - 2/25/2010 10:56:58 PM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 2/25/2010 10:56:58 PM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/25/2010 11:08:06 PM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/25/2010 11:24:11 PM | Computer Name = Jay-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =


< End of report >
