Win32:Bamital-x Virus Issue

Resolved
By jsf
Oct 18, 2010
Topic Status:
Not open for further replies.
  1. Hi all,

    I could really use some help with this issue I've been having. My computer has been acting kind of strange for at least a few weeks now - I've had some issues logging in (black screen, but with mouse cursor), my explorer.exe has been constantly stopping/restarting, my systray icons disappear, and my Windows toolbar has been messed up.

    I stumbled across http://www.techspot.com/vb/topic152548.html, and figured I should make my own post because my issue could be slightly different. (I had discovered that I had a WIn32:Bamital-x Virus via avast).

    I'm usually very good with my computer, so I'm not quite sure how I picked such a nasty bug up.

    Any help would be greatly appreciated, thanks!

    Edit: Whoops, didn't see new rule, sorry!

    Attach.txt:

    mbam-log-2010-10-18 (21-17-30).txt:

    gmer.log:

  2. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    DDS.txt:

  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! I'll help with the malware, but first you need to remove some of the security.

    I notice that you are running 3 antivirus program: McAfee, Symantec and Avast.[/b] This actually makes the system more vulnerable, not less. Decide which you want to keep and remove the other 2. Here are tools to help with the removals:Please reboot the computer after you have finished the above.
    =========================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ==================================
    Follow with the download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3].Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs, when you're done with Combofix..

    Note: It is not necessary to put the logs in a quote box. This will allow you a bit more space.
    We'll see what running after these scans. I would like to mention though, that you are running an enormous number of processes! I see many that don't need to run unless
    you are actively using it> such as camera. If these all start on boot, they will run in the background and eventually, the system will slow down.

    One last note: Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  4. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    Hey, thanks a lot for helping me with this, I appreciate it. I have uninstalled McAfee and Norton. I cannot, however, get my computer to consistently login correctly (I get a black screen but can see the cursor). Is it ok if I do the next steps in safe mode with networking? That seems to work consistently for me.
  5. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    Ok, so I figured a workaround - had to disable my antivirus at startup because explorer.exe is infected and is being prevented from starting.

    ESET Log:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=cad4736de48f9a4bab2523c762edd132
    # end=stopped
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-10-19 03:35:37
    # local_time=2010-10-19 11:35:37 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=768 16777215 100 0 0 0 0 0
    # compatibility_mode=5892 16776573 100 56 34873502 124101162 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=5190
    # found=0
    # cleaned=0
    # scan_time=80
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=cad4736de48f9a4bab2523c762edd132
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-10-19 09:02:21
    # local_time=2010-10-19 05:02:21 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=768 16777215 100 0 0 0 0 0
    # compatibility_mode=5892 16776573 100 56 34885034 124112694 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=245000
    # found=3
    # cleaned=0
    # scan_time=8152
    C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EB trojan 00000000000000000000000000000000 I
    C:\Windows\System32\wininit.exe Win32/Bamital.EC trojan 00000000000000000000000000000000 I
    C:\Windows\SysWOW64\wininit.exe Win32/Bamital.EC trojan 00000000000000000000000000000000 I


    I couldn't get ComboFix to work as it said it was for XP only.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Combofix wworks on Windows XP, Vista and Windows 7. But it does not work on 64 bit. But since GMER also doesn't run on 64 bit and it ran, then you should be able to run Combofix.

    Run the following first, then try Combofix again.

    Please download OTMovit by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes	
      :Files  
      C:\Users\Public\Documents\Server\hlp.dat 
      C:\Windows\System32\wininit.exe 
      C:\Windows\SysWOW64\wininit.exe 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  7. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    All processes killed
    ========== PROCESSES ==========
    ========== FILES ==========
    C:\Users\Public\Documents\Server\hlp.dat moved successfully.
    C:\Windows\System32\wininit.exe moved successfully.
    File/Folder C:\Windows\SysWOW64\wininit.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jordan
    ->Temp folder emptied: 29073683 bytes
    ->Temporary Internet Files folder emptied: 372639 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 42460581 bytes
    ->Flash cache emptied: 6090 bytes

    User: jsf333
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mcx1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: RA Media Server
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1144069 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32969 bytes
    RecycleBin emptied: 150073919 bytes

    Total Files Cleaned = 213.00 mb


    OTM by OldTimer - Version 3.1.16.1 log created on 10192010_213249

    Files moved on Reboot...
    C:\Users\Jordan\AppData\Local\Mozilla\Firefox\Profiles\n9finixu.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\Jordan\AppData\Local\Mozilla\Firefox\Profiles\n9finixu.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\Jordan\AppData\Local\Mozilla\Firefox\Profiles\n9finixu.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\Jordan\AppData\Local\Mozilla\Firefox\Profiles\n9finixu.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\Jordan\AppData\Local\Mozilla\Firefox\Profiles\n9finixu.default\urlclassifier3.sqlite moved successfully.
    File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...



    Still getting the same message from ComboFix.

    It says: Error - Win32 only

    Incompatible OS. ComboFix only works for workstations with Windows 2000 and XP. Then it says it again in like 8 languages.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Not sure what's going on>
    Windows Vista 64 bit : What is SysWOW64 ?

    WoW64 stands for "Windows on 64-bit Windows", and it contains all the 32-bit binary files required for compatibility, which run on top of the 64 bit Windows.

    it looks like a double copy of everything in System32 (which despite the directory name, are actually 64-bit binaries). How do you have the operating system set up? Was it 64 bit when you got it? Or 32bit?
    Here is a good example of the conflict: Both of these came up infected in the Eset scan:
    C:\Windows\System32\wininit.exe
    C:\Windows\SysWOW64\wininit.exe


    If you are running 32 bit Windows then finding this SysWoW64 directory is a strange: One of the Errors showing is: 10/18/2010 8:58:40 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    And there are numerous other Errors caused by incompatibility with the system.

    Somehow you managed to run GMER in 32bit because it won't run in 64bit- you'd get a similar error message as what you're getting with Combofix if you did.

    Can you give me some insight as to how the OS is loaded with the 32 and 64 bit, with some program not working? In the meantime, I'm going to ask someone to take a look here and see if he can offer us more guidance.
    ===============================
    I think you can run a 32 bit application, if you modify the env PATH variable and put SysWOW64 before system32.
    If he says this is okay, I have you do it and then run Combofix> not yet though.
    1. Start %windir%\SysWoW64\cmd.exe
    2. set PATH=%systemroot%\SysWOW64;%PATH%
    3. Run the application.
    4. After application has completed, reset PATH variable if required.
  9. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    I don't think there is anything special about the way my system came set up. I ordered it from dell installed with 64-bit Windows. I haven't changed anything with regards to the main operating system.

    I've had this computer since around mid August of last year, and haven't noticed any issues with compatibility ever, but I do find it strange that there are double copies of everything...
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    The thing is that something in the system emulating the functions of one system using a different system, so that the second system behaves like (and appears to be) the first system. ...You were able to run GMER, but GMER gives an error to a 64bit system and won't run. Now you want to run another program that also won't run on a 64 bit system, but now the system is being forced into 64 bit and tells you-rightly-that the program isn't compatible.

    This is not an either/or situation> it should be both or none.

    Are you logging on to the same account for Combofix that you did for GMER? We trying to get a Command set up to direct to the 32 bit system.
  11. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    Yeah it's from the same account. Very strange.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    With help from jobeard and Microsoft, we came up with this to try and force the system to run the program in 32bit:

    Make sure the change to path is done from Admin:

    How to Open and Run 32-bit Command Prompt in 64-bit (x64) Windows

    The user can type the command-line script at a 32-bit command prompt. The 32-bit command prompt automatically redirects file system calls to the correct 32-bit directory.

    To start and open a 32-bit command prompt, follow these steps:
    1. Click Start.
    2. Type %windir%\SysWoW64\cmd.exe in Start Search box.

      (Or Alternatively, press Win + R keys (or type Run in Start Search) to open Run dialog, and type %windir%\SysWoW64\cmd.exe.)
    3. Press Enter.
    [​IMG]

    In 32-bit command prompt, the %programfiles% path variable will point to Program Files (x86) folder which stores all 32-bit binaries.

    Now run Combofix

    I am waiting anxiously to see if this works for you and isn't too complicated. If it does, it will give us a way to run Combofix on the 64bit systems.
  13. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    It doesn't seem to be working - still getting the same message as before. It does seem like an interesting work around, but my Combofix.exe is saved on the desktop - could that be an issue?

    Edit: No, moved the combofix.exe to my Program Files (x86) folder, still got the same message.
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You weren't dealing with the actual location of desktop vs programs, but rather 64bit vs 32bit to run the program.

    Try one more thing\- before running a scan on Combofix, do a right click> Rename> change combofix.exe to jsfspot.exe then try the scan.

    IF it still won't work, I see you have installed OTL. Run that instead.
  15. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    Ah, I see. Well it didn't work when I changed the name.

    Are there any specific instructions I need to do for OTL?
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    • Download OTL from either of the links below and save it to your desktop.
      Link 1
      Link 2
    • Double click the OTL icon to run it.[​IMG]
    • The opened console will resemble this: [​IMG]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
  17. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    OTL logfile created on: 10/24/2010 7:23:30 PM - Run 2
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Jordan\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
    8.00 Gb Paging File | 5.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 355.67 Gb Free Space | 78.85% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 5.27 Gb Free Space | 35.97% Space Free | Partition Type: NTFS

    Computer Name: JORDAN-PC | User Name: Jordan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Jordan\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
    PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    PRC - C:\Users\Jordan\AppData\Local\TVersity\Media Server\MediaServer.exe ()
    PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
    PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
    PRC - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
    PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    PRC - C:\Program Files (x86)\Dell V305\dldtmsdmon.exe ()
    PRC - C:\Program Files (x86)\Dell V305\dldtmon.exe ()
    PRC - C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
    PRC - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
    PRC - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Jordan\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
    SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
    SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
    SRV:64bit: - (dldt_device) -- C:\Windows\SysNative\dldtcoms.exe ( )
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (TVersityMediaServer) -- C:\Users\Jordan\AppData\Local\TVersity\Media Server\MediaServer.exe ()
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
    SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
    SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
    SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
    SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
    SRV - (dsl-fs-sync) -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
    SRV - (Pharos Systems ComTaskMaster) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
    SRV - (dldt_device) -- C:\Windows\SysWow64\dldtcoms.exe ( )
    SRV - (Apache2.2) -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
    SRV - (dsl-db) -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
    DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
    DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (HtcVCom32) -- C:\Windows\SysNative\DRIVERS\HtcVComV64.sys (QUALCOMM Incorporated)
    DRV:64bit: - (HtcUsbMdmV64) -- C:\Windows\SysNative\DRIVERS\HtcUsbMdmV64.sys (QUALCOMM Incorporated)
    DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
    DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
    DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
    DRV:64bit: - (OA001Vid) -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys (Creative Technology Ltd.)
    DRV:64bit: - (OA001Ufd) -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys (Creative Technology Ltd.)
    DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys (Creative Technology Ltd.)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
    DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
    DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
    DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
    DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
    DRV:64bit: - (FACAP) -- C:\Windows\SysNative\DRIVERS\facap.sys (Sensible Vision )
    DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
    DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
    DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.)
    DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
    DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
    DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
    DRV - (SMSIVZAM5X64) -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys (Smith Micro Inc.)
    DRV - (Packet) -- C:\Windows\SysWOW64\drivers\packet.sys (SingleClick Systems)
    DRV - (ASPI32) -- C:\Windows\SysWow64\drivers\ASPI32.SYS (Adaptec)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AIM Search"
    FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.sportsbusinessjournal.com/index.cfm?"
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
    FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/21 00:52:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/21 00:52:22 | 000,000,000 | ---D | M]

    [2009/08/01 16:29:34 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Mozilla\Extensions
    [2010/10/23 22:40:26 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\n9finixu.default\extensions
    [2010/05/22 12:54:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\n9finixu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/10 13:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\n9finixu.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/05/22 12:55:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\n9finixu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/10/06 21:07:47 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\n9finixu.default\extensions\vshare@toolbar
    [2010/10/23 22:40:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/10/10 13:51:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/18 09:49:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2007/11/09 16:10:22 | 000,079,440 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\CgpCore.dll
    [2007/11/09 16:10:24 | 000,075,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\confmgr.dll
    [2007/11/09 16:10:50 | 000,034,384 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\logging.dll
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/11/09 16:11:08 | 000,333,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
    [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
    [2007/11/09 16:11:38 | 000,030,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\TcpPServ.dll
    [2009/12/19 01:39:01 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\MyHeritage.xml

    O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [dldtamon] C:\Program Files (x86)\Dell V305\dldtamon.exe ()
    O4:64bit: - HKLM..\Run: [dldtmon.exe] C:\Program Files (x86)\Dell V305\dldtmon.exe ()
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\system32\AmbRunE.DLL File not found
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [FAStartup] File not found
    O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL LLC)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
    O4 - Startup: C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 [2010/09/26 20:31:37 | 000,000,000 | ---D | M]
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
    O33 - MountPoints2\{12f84631-a917-11de-851f-002556d8d8b4}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
    O33 - MountPoints2\{38fb6d56-0ab5-11df-bd78-002556d8d8b4}\Shell - "" = AutoRun
    O33 - MountPoints2\{38fb6d56-0ab5-11df-bd78-002556d8d8b4}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
    O33 - MountPoints2\{a45403fc-d1e7-11df-891b-002556d8d8b4}\Shell - "" = AutoRun
    O33 - MountPoints2\{a45403fc-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe -- File not found
    O33 - MountPoints2\{a4540498-d1e7-11df-891b-002556d8d8b4}\Shell - "" = AutoRun
    O33 - MountPoints2\{a4540498-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe -- File not found
    O33 - MountPoints2\{a45404df-d1e7-11df-891b-002556d8d8b4}\Shell - "" = AutoRun
    O33 - MountPoints2\{a45404df-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe -- File not found
    O33 - MountPoints2\{a45404fd-d1e7-11df-891b-002556d8d8b4}\Shell - "" = AutoRun
    O33 - MountPoints2\{a45404fd-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe -- File not found
    O33 - MountPoints2\{b00fa462-7ec1-11de-b1fd-002556d8d8b4}\Shell\AutoRun\command - "" = setup.exe
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = setup.exe
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/22 19:49:07 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/10/21 22:50:37 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\Apple
    [2010/10/19 21:32:49 | 000,000,000 | ---D | C] -- C:\_OTM
    [2010/10/19 21:32:13 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Jordan\Desktop\OTM.exe
    [2010/10/19 11:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2010/10/19 10:47:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/10/19 10:45:44 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Users\Jordan\Desktop\Norton_Removal_Tool.exe
    [2010/10/19 10:40:20 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\Apple Computer
    [2010/10/18 22:18:16 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\Adobe
    [2010/10/18 20:20:59 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jordan\Desktop\TFC.exe
    [2010/10/18 09:53:29 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/10/18 09:51:17 | 000,641,473 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Jordan\Desktop\JavaRa.exe
    [2010/10/18 09:41:36 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\AIM
    [2010/10/18 09:41:32 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\AOL
    [2010/10/18 09:28:25 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jordan\Desktop\OTL.exe
    [2010/10/18 09:27:39 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jordan\Desktop\TDSSKiller.exe
    [2010/10/18 03:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/10/18 03:31:43 | 090,378,880 | ---- | C] (Norman ASA) -- C:\Users\Jordan\Desktop\Norman_Malware_Cleaner.exe
    [2010/10/18 03:31:03 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Jordan\Desktop\SUPERAntiSpyware.exe
    [2010/10/18 02:55:38 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\Malwarebytes
    [2010/10/18 02:55:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/10/18 02:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/18 02:55:15 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/10/18 02:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/10/18 01:48:14 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2010/10/18 01:48:14 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2010/10/18 01:48:14 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2010/10/18 01:48:13 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2010/10/18 01:48:12 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2010/10/18 01:47:30 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/10/18 01:47:25 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2010/10/18 01:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/10/18 01:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/10/17 15:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2010/10/17 15:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2010/10/17 15:43:05 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2010/10/17 15:43:05 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2010/10/15 20:40:45 | 001,187,896 | ---- | C] (Piriform Ltd) -- C:\Users\Jordan\Desktop\ccsetup236.exe
    [2010/10/10 13:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/10/10 13:51:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/10/09 21:46:09 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\Outlook
    [2010/10/09 21:46:04 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\My Photos
    [2010/10/09 21:46:04 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\My Documents
    [2010/10/09 21:31:50 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2010/10/09 21:27:31 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\HTC
    [2010/10/09 21:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
    [2010/10/09 21:00:42 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\Verizon Wireless
    [2010/10/09 20:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WEngineLite
    [2010/10/09 20:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon Wireless
    [2010/10/09 20:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon Wireless
    [2010/10/09 20:57:44 | 000,121,800 | ---- | C] (QUALCOMM Incorporated) -- C:\Windows\SysNative\drivers\HtcVComV64.sys
    [2010/10/09 20:57:44 | 000,121,800 | ---- | C] (QUALCOMM Incorporated) -- C:\Windows\SysNative\drivers\HtcUsbMdmV64.sys
    [2010/10/09 20:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
    [2010/10/02 01:18:17 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
    [2010/09/29 10:07:02 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\WindSolutions
    [2010/09/29 10:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
    [2010/09/29 03:13:24 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\Downloaded Installations
    [2010/09/29 03:13:10 | 005,790,273 | ---- | C] (KennettNet Software Ltd ) -- C:\Users\Jordan\Desktop\musicrescuesetup.exe
    [2010/09/26 20:30:42 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Desktop\7
    [2010/09/19 19:23:19 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\_NYU Sophomore
    [2010/09/11 00:10:54 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Desktop\img
    [2010/09/10 21:41:37 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\StarCraft II
    [2010/09/10 21:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
    [2010/09/10 21:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
    [2010/09/10 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\FileOpen
    [2010/09/10 16:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
    [2010/09/06 12:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/09/06 12:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/09/06 12:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/09/06 12:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2010/09/06 12:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/09/02 23:17:30 | 000,057,752 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
    [2010/09/02 23:17:30 | 000,057,752 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
    [2010/08/25 17:36:26 | 000,014,336 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\instac64.exe
    [2009/08/30 14:50:58 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtinpa.dll
    [2009/08/30 14:50:58 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtiesc.dll
    [2009/08/30 14:50:57 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtpmui.dll
    [2009/08/30 14:50:54 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtusb1.dll
    [2009/08/30 14:50:53 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtserv.dll
    [2009/08/30 14:50:52 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtlmpm.dll
    [2009/08/30 14:50:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtprox.dll
    [2009/08/30 14:50:50 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldthbn3.dll
    [2009/08/30 14:50:49 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomc.dll
    [2009/08/30 14:50:49 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomm.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/10/24 19:03:36 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/24 19:03:36 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/24 03:03:36 | 000,108,485 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/10/24 03:03:36 | 000,108,485 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/10/24 03:03:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/24 03:03:20 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
    [2010/10/23 18:36:13 | 000,012,288 | ---- | M] () -- C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/23 18:05:00 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010/10/23 16:05:14 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/10/23 16:05:14 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/10/23 16:05:14 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/10/22 19:27:21 | 003,883,811 | ---- | M] () -- C:\Users\Jordan\Desktop\ComboFix(2).exe
    [2010/10/22 13:33:27 | 003,052,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/10/22 13:33:23 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
    [2010/10/22 13:32:45 | 4024,811,520 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/22 13:31:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/10/22 13:20:26 | 000,052,389 | ---- | M] () -- C:\Users\Jordan\Desktop\Alpha Epsilon Pi First Annual Rocking Chair Event.pdf
    [2010/10/22 13:20:17 | 000,011,044 | ---- | M] () -- C:\Users\Jordan\Desktop\Alpha Epsilon Pi First Annual Rocking Chair Event.docx
    [2010/10/20 08:10:22 | 000,001,356 | ---- | M] () -- C:\Users\Jordan\AppData\Local\d3d9caps.dat
    [2010/10/19 21:32:28 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Jordan\Desktop\OTM.exe
    [2010/10/19 17:09:08 | 003,880,681 | ---- | M] () -- C:\Program Files (x86)\ComboFix(2).exe
    [2010/10/19 17:05:21 | 003,880,681 | ---- | M] () -- C:\Users\Jordan\Desktop\jsfspot.exe
    [2010/10/19 14:45:02 | 002,672,312 | ---- | M] () -- C:\Users\Jordan\Desktop\esetsmartinstaller_enu(2).exe
    [2010/10/19 11:32:03 | 002,672,312 | ---- | M] () -- C:\Users\Jordan\Desktop\esetsmartinstaller_enu.exe
    [2010/10/19 10:45:44 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Users\Jordan\Desktop\Norton_Removal_Tool.exe
    [2010/10/19 10:45:36 | 001,373,616 | ---- | M] () -- C:\Users\Jordan\Desktop\MCPR.exe
    [2010/10/18 21:52:10 | 000,544,768 | ---- | M] () -- C:\Users\Jordan\Desktop\dds.scr
    [2010/10/18 21:18:45 | 000,294,912 | ---- | M] () -- C:\Users\Jordan\Desktop\9k2650k5.exe
    [2010/10/18 20:23:22 | 000,080,384 | ---- | M] () -- C:\Users\Jordan\Desktop\MBRCheck.exe
    [2010/10/18 20:21:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jordan\Desktop\TFC.exe
    [2010/10/18 09:29:26 | 000,075,264 | ---- | M] () -- C:\Users\Jordan\Desktop\SystemLook.exe
    [2010/10/18 09:28:26 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jordan\Desktop\OTL.exe
    [2010/10/18 03:33:26 | 090,378,880 | ---- | M] (Norman ASA) -- C:\Users\Jordan\Desktop\Norman_Malware_Cleaner.exe
    [2010/10/18 03:31:47 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Jordan\Desktop\SUPERAntiSpyware.exe
    [2010/10/18 01:48:15 | 000,001,798 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010/10/18 01:48:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2010/10/15 20:40:53 | 001,187,896 | ---- | M] (Piriform Ltd) -- C:\Users\Jordan\Desktop\ccsetup236.exe
    [2010/10/13 02:50:56 | 000,046,080 | ---- | M] () -- C:\Users\Jordan\Desktop\Copy of Queen McPea.xls
    [2010/10/10 14:00:07 | 000,000,366 | ---- | M] () -- C:\Users\Jordan\Desktop\Reset_Notification_Icons_List.reg
    [2010/10/09 21:44:35 | 000,037,841 | ---- | M] () -- C:\Users\Jordan\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2010/10/09 21:41:39 | 000,049,435 | ---- | M] () -- C:\Users\Jordan\Desktop\contacts.csv
    [2010/10/09 21:27:23 | 000,001,015 | ---- | M] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
    [2010/10/05 23:55:03 | 009,910,356 | ---- | M] () -- C:\Users\Jordan\Desktop\90th ann.zip
    [2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jordan\Desktop\TDSSKiller.exe
    [2010/09/30 21:09:05 | 000,000,732 | ---- | M] () -- C:\Users\Jordan\AppData\Local\d3d9caps64.dat
    [2010/09/29 03:13:16 | 005,790,273 | ---- | M] (KennettNet Software Ltd ) -- C:\Users\Jordan\Desktop\musicrescuesetup.exe
    [2010/09/29 00:03:32 | 000,059,400 | ---- | M] () -- C:\Users\Jordan\Desktop\test.csv
    [2010/09/17 10:55:49 | 000,012,161 | ---- | M] () -- C:\Users\Jordan\Desktop\Copy of Dues Payment Record for JFine.xlsx
    [2010/09/16 19:05:35 | 001,270,784 | ---- | M] () -- C:\Users\Jordan\Desktop\Alpha Epsilon Pi - Advanced Rush Presentation.ppt
    [2010/09/11 01:53:03 | 000,196,836 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
    [2010/09/11 01:22:38 | 000,032,375 | ---- | M] () -- C:\Users\Jordan\Desktop\wtc-before-penttbom.jpg
    [2010/09/09 20:50:27 | 000,517,632 | ---- | M] () -- C:\Users\Jordan\Desktop\Jordan_Fine_ST-225.doc
    [2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2010/09/07 10:52:29 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2010/09/07 10:52:09 | 000,121,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2010/09/07 10:47:49 | 000,028,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2010/09/07 10:47:10 | 000,020,048 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2010/09/02 23:17:05 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
    [2010/09/02 23:14:16 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2010/09/02 23:12:31 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2010/08/09 19:02:06 | 000,641,473 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Jordan\Desktop\JavaRa.exe

    ========== Files Created - No Company Name ==========

    [2010/10/22 19:27:21 | 003,883,811 | ---- | C] () -- C:\Users\Jordan\Desktop\ComboFix(2).exe
    [2010/10/22 13:20:17 | 000,011,044 | ---- | C] () -- C:\Users\Jordan\Desktop\Alpha Epsilon Pi First Annual Rocking Chair Event.docx
    [2010/10/22 13:19:26 | 000,052,389 | ---- | C] () -- C:\Users\Jordan\Desktop\Alpha Epsilon Pi First Annual Rocking Chair Event.pdf
    [2010/10/21 01:01:03 | 000,132,864 | ---- | C] () -- C:\Users\Jordan\Desktop\Tuffy-Regular.ttf
    [2010/10/21 01:01:03 | 000,119,744 | ---- | C] () -- C:\Users\Jordan\Desktop\TuffyScript-Regular.ttf
    [2010/10/21 01:01:03 | 000,119,168 | ---- | C] () -- C:\Users\Jordan\Desktop\TuffyInfant-Regular.ttf
    [2010/10/21 01:01:03 | 000,105,220 | ---- | C] () -- C:\Users\Jordan\Desktop\Tuffy-Bold.ttf
    [2010/10/21 01:01:03 | 000,087,864 | ---- | C] () -- C:\Users\Jordan\Desktop\Tuffy-BoldItalic.ttf
    [2010/10/21 01:01:03 | 000,087,444 | ---- | C] () -- C:\Users\Jordan\Desktop\Tuffy-Italic.ttf
    [2010/10/21 00:48:03 | 000,033,248 | ---- | C] () -- C:\Users\Jordan\Desktop\BPreplayItalics.otf
    [2010/10/21 00:48:03 | 000,033,204 | ---- | C] () -- C:\Users\Jordan\Desktop\BPreplayBoldItalics.otf
    [2010/10/21 00:48:03 | 000,031,480 | ---- | C] () -- C:\Users\Jordan\Desktop\BPreplayBold.otf
    [2010/10/21 00:48:03 | 000,030,672 | ---- | C] () -- C:\Users\Jordan\Desktop\BPreplay.otf
    [2010/10/21 00:43:09 | 000,098,584 | ---- | C] () -- C:\Users\Jordan\Desktop\CLEANVEL.TTF
    [2010/10/21 00:43:09 | 000,094,916 | ---- | C] () -- C:\Users\Jordan\Desktop\CLEANVEB.TTF
    [2010/10/19 17:09:07 | 003,880,681 | ---- | C] () -- C:\Program Files (x86)\ComboFix(2).exe
    [2010/10/19 17:04:33 | 003,880,681 | ---- | C] () -- C:\Users\Jordan\Desktop\jsfspot.exe
    [2010/10/19 14:45:02 | 002,672,312 | ---- | C] () -- C:\Users\Jordan\Desktop\esetsmartinstaller_enu(2).exe
    [2010/10/19 13:33:20 | 4024,811,520 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/19 11:32:02 | 002,672,312 | ---- | C] () -- C:\Users\Jordan\Desktop\esetsmartinstaller_enu.exe
    [2010/10/19 10:45:34 | 001,373,616 | ---- | C] () -- C:\Users\Jordan\Desktop\MCPR.exe
    [2010/10/18 21:52:10 | 000,544,768 | ---- | C] () -- C:\Users\Jordan\Desktop\dds.scr
    [2010/10/18 21:18:42 | 000,294,912 | ---- | C] () -- C:\Users\Jordan\Desktop\9k2650k5.exe
    [2010/10/18 20:23:15 | 000,080,384 | ---- | C] () -- C:\Users\Jordan\Desktop\MBRCheck.exe
    [2010/10/18 09:29:26 | 000,075,264 | ---- | C] () -- C:\Users\Jordan\Desktop\SystemLook.exe
    [2010/10/18 01:48:15 | 000,001,798 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010/10/18 01:48:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2010/10/18 01:47:42 | 000,440,972 | ---- | C] () -- C:\Users\Jordan\AppData\Local\dd_vcredistMSI1FCA.txt
    [2010/10/18 01:47:42 | 000,011,634 | ---- | C] () -- C:\Users\Jordan\AppData\Local\dd_vcredistUI1FCA.txt
    [2010/10/17 15:43:05 | 000,012,264 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
    [2010/10/15 21:38:54 | 000,590,380 | ---- | C] () -- C:\Users\Jordan\AppData\Local\dd_vcredistMSI4513.txt
    [2010/10/15 21:38:52 | 000,014,526 | ---- | C] () -- C:\Users\Jordan\AppData\Local\dd_vcredistUI4513.txt
    [2010/10/10 15:27:28 | 000,046,080 | ---- | C] () -- C:\Users\Jordan\Desktop\Copy of Queen McPea.xls
    [2010/10/10 14:00:06 | 000,000,366 | ---- | C] () -- C:\Users\Jordan\Desktop\Reset_Notification_Icons_List.reg
    [2010/10/09 21:44:35 | 000,037,841 | ---- | C] () -- C:\Users\Jordan\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2010/10/09 21:41:39 | 000,049,435 | ---- | C] () -- C:\Users\Jordan\Desktop\contacts.csv
    [2010/10/09 21:27:23 | 000,001,015 | ---- | C] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
    [2010/10/05 23:54:53 | 009,910,356 | ---- | C] () -- C:\Users\Jordan\Desktop\90th ann.zip
    [2010/09/30 21:09:05 | 000,000,732 | ---- | C] () -- C:\Users\Jordan\AppData\Local\d3d9caps64.dat
    [2010/09/29 00:03:26 | 000,059,400 | ---- | C] () -- C:\Users\Jordan\Desktop\test.csv
    [2010/09/16 19:52:31 | 000,012,161 | ---- | C] () -- C:\Users\Jordan\Desktop\Copy of Dues Payment Record for JFine.xlsx
    [2010/09/16 19:05:32 | 001,270,784 | ---- | C] () -- C:\Users\Jordan\Desktop\Alpha Epsilon Pi - Advanced Rush Presentation.ppt
    [2010/09/11 01:22:38 | 000,032,375 | ---- | C] () -- C:\Users\Jordan\Desktop\wtc-before-penttbom.jpg
    [2010/09/09 20:50:25 | 000,517,632 | ---- | C] () -- C:\Users\Jordan\Desktop\Jordan_Fine_ST-225.doc
    [2010/09/02 23:14:16 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2010/09/02 23:12:31 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2010/09/02 23:12:31 | 000,017,408 | ---- | C] () -- C:\Windows\SysNative\rpcnetp.exe
    [2009/12/20 01:19:41 | 000,001,356 | ---- | C] () -- C:\Users\Jordan\AppData\Local\d3d9caps.dat
    [2009/12/16 18:34:56 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
    [2009/12/03 23:04:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/12/03 23:04:29 | 000,001,632 | ---- | C] () -- C:\Windows\SysWow64\l86tniuw.dll
    [2009/12/03 23:03:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/10/17 13:38:37 | 000,000,037 | ---- | C] () -- C:\Windows\wmvtoiPodconverter.ini
    [2009/09/29 02:23:46 | 000,322,538 | ---- | C] () -- C:\Users\Jordan\AppData\Local\dd_vcredistMSI0853.txt
    [2009/09/29 02:23:46 | 000,012,458 | ---- | C] () -- C:\Users\Jordan\AppData\Local\dd_vcredistUI0853.txt
    [2009/09/27 00:52:26 | 000,000,048 | ---- | C] () -- C:\Windows\iltwain.ini
    [2009/09/24 02:23:13 | 000,000,000 | ---- | C] () -- C:\Users\Jordan\AppData\Roaming\wklnhst.dat
    [2009/08/30 20:18:12 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/08/30 14:50:59 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\DLDTinst.dll
    [2009/08/30 14:50:58 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\dldtcomx.dll
    [2009/08/30 14:50:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldtjswr.dll
    [2009/08/30 14:50:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldtinsr.dll
    [2009/08/30 14:50:57 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\dldtutil.dll
    [2009/08/30 14:50:57 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldtcur.dll
    [2009/08/30 14:50:56 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\dldtinsb.dll
    [2009/08/30 14:50:56 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldtins.dll
    [2009/08/30 14:50:54 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldtcub.dll
    [2009/08/30 14:50:54 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldtcu.dll
    [2009/08/09 18:33:59 | 000,012,288 | ---- | C] () -- C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/01 17:08:24 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2009/07/28 22:13:17 | 000,001,438 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
    [2009/07/28 22:13:17 | 000,001,379 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
    [2009/07/28 22:13:01 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2009/07/28 22:13:01 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2009/07/28 21:34:47 | 000,108,485 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/07/28 21:33:13 | 000,108,485 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/07/15 12:45:34 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\dldtdrs.dll
    [2009/05/14 13:57:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dldtcaps.dll
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2008/01/22 02:05:12 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\dldtcfg.dll
    [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/11/13 19:13:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\dldtcnv4.dll

    ========== LOP Check ==========

    [2009/08/02 23:16:57 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\acccore
    [2010/02/24 21:52:37 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Astroburn Lite
    [2010/01/19 15:19:43 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/02/24 21:27:49 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\DAEMON Tools Lite
    [2009/12/16 03:18:10 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\DonationCoder
    [2009/12/27 22:54:49 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\EA
    [2010/09/10 16:57:23 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\FileOpen
    [2010/10/06 00:22:09 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\FileZilla
    [2009/12/18 22:59:03 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\FreeFLVConverter
    [2010/10/09 21:27:46 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\HTC
    [2010/10/09 21:31:50 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2010/04/24 12:03:18 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\ICAClient
    [2009/12/04 02:22:37 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
    [2009/12/16 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Moyea
    [2009/09/21 19:07:32 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Opera
    [2010/10/09 21:46:09 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Outlook
    [2009/10/08 19:41:41 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\StealthBot
    [2010/03/09 21:24:35 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\StreamTorrent
    [2009/08/09 21:11:06 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\TeamViewer
    [2010/04/03 19:54:18 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Template
    [2010/10/15 20:08:53 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\WindSolutions
    [2010/01/28 18:07:21 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Xerox
    [2009/10/18 02:12:51 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Xilisoft Corporation
    [2010/10/23 18:05:00 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2010/10/22 13:31:56 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
    [2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
    [2009/04/24 23:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
    [2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
    [2009/04/24 23:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
    [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
  18. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    < MD5 for: IASTORV.SYS >
    [2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
    [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
    [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
    [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
    [2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
    [2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys


    < MD5 for: SCECLI.DLL >
    [2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
    [2008/01/20 22:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
    [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
    [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
    [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
    [2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\Jordan\Desktop\video.mp4:TOC.WMV
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:456A69E6

    < End of report >
  19. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    OTL Extras logfile created on: 10/18/2010 9:29:02 AM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Jordan\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 358.95 Gb Free Space | 79.58% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 5.27 Gb Free Space | 35.97% Space Free | Partition Type: NTFS

    Computer Name: JORDAN-PC | User Name: Jordan | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\Users\Jordan\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\Users\Jordan\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 00 96 B3 99 FC 76 CA 01 [binary data]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{002138F4-2ED1-4109-AA0F-F020E3376A2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{05827987-8B39-4F64-B421-228C37E9809A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{074036D0-922C-4613-9073-4AF1FB8193A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{0B9833A4-F2E5-4195-BB09-A829CC1D076D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{1408711E-9C56-4307-824F-D5D526A2EAB6}" = rport=137 | protocol=17 | dir=out | app=system |
    "{23D6EEA0-83FE-4B58-A023-97E3C0E78CC1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{24B42DF4-A533-44AC-AFF5-B210F5F50573}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{3462D771-BBE1-490B-AF5A-5B96E910CCA4}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{36F9DD7D-3822-4315-9E59-E261D83F699E}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
    "{3C9EED42-6D29-44C3-B8C1-ABDA3B0A5476}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{47E54B66-89FC-479A-B3A2-2B531616967F}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
    "{538CC0A4-DE4C-4075-9A97-E048958EC4DB}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
    "{58566F7D-673E-4E9C-8AA0-9797B7FB10D8}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
    "{5976F0A1-B183-4BAC-B3B7-EDD31F3C8B87}" = rport=139 | protocol=6 | dir=out | app=system |
    "{5A00307B-5956-435A-8E3B-BD28E21CDD92}" = lport=139 | protocol=6 | dir=in | app=system |
    "{657DFAB9-93F8-414E-84BF-6114501811BC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6BCA0F46-0F90-4420-95D4-491AB1DA5F1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6E6A17AD-A2E6-4F6A-8C09-C39F01A6B81C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{7E9AA02A-D7A7-4129-9491-094797A8865B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{809306B0-67A1-4FEC-82D8-8DD41379CB54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{809C4791-DD57-4AC0-B90F-9F5928FE9D79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{845A2E8C-FDCA-42D9-8680-EC3B2E3AC138}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{86A410AB-C409-40FA-8842-EEBA82A97784}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher |
    "{8AD4F7AC-59AC-48A6-B6C3-50B2BCF965BD}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
    "{8B8A7006-7A51-464D-8A6A-F637551B6946}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{8EE2B822-789C-46C7-A101-DAD398E0B971}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{8EF0D421-983B-4958-93DD-F126A680AEEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8EF4B350-BF35-434C-A8CF-0DBF5C309DA6}" = lport=137 | protocol=17 | dir=in | app=system |
    "{8FF0392D-A594-44D3-A3C3-625235199946}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
    "{935C43B6-1F7A-4047-8720-77AE4121CF62}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9367014C-3E0B-4E42-80E0-59AEEB2812E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{95A065DA-414D-4BE6-B7FA-A976EF094E07}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A5255F21-6915-4AC5-ADE9-72801DF0F23C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AA0C5EDA-9EB5-44F8-954F-CEE60E1B6F2D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{BC6ED3E4-5FC3-45FC-9E5D-322467018C5C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BDD03EB2-C82D-4C24-9FB6-C94DACA3326D}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{BDF30A95-D6C5-4412-BB62-37840EA0ED68}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{BDF84798-D64E-471A-AF4B-8FEF61B608E6}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{C00CBA9A-38E4-4025-AC17-EB8DC513FC45}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
    "{C01F2F8C-FD92-4ADD-877B-D926202B2AC1}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher |
    "{C2F0C580-A202-41CA-BEB5-D1A0274DC32B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C4435E7B-85BC-4A01-AF3E-EDF93AC3A54A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C8609546-0B8A-46E3-850D-C55A7503F4CD}" = lport=445 | protocol=6 | dir=in | app=system |
    "{CD140302-2311-40DD-9911-E58C42EA7CEA}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{D0648027-FE65-427A-BC1C-62C0B50C952A}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
    "{D1416FE3-F6A3-43B5-8DAD-CA505DFEE713}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{D7E6F0D9-903E-476C-80FF-9B590DF5F15F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E60B6895-BB3E-4872-B6DE-A73FE97011AC}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{EE8610C1-2888-4E85-946A-10987CACFA1C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F00C8784-8B3F-404E-B3E3-0DA30A31B3A3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F28E1751-3D91-428F-8E72-BE48888D9BD6}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{F55D4715-AA07-4F6A-AF51-4C313D3CDC7D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{F86E6340-46BD-4D83-9670-953033FA4949}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FFF61786-C93C-4696-B617-29C338F4B1B8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03495F8F-EBDC-4F34-98E1-CBA0A5D626AA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{06128F03-5676-48FF-AE0E-EF10A2499645}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{079818BB-8B98-4F07-BF40-C7CA4C0B68B9}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
    "{08B6E4FC-9C68-4137-8890-8BBE79F64828}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
    "{08F2ACE4-C38E-492C-9897-B4B3161FD9C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\dldtcoms.exe |
    "{09129A24-6C2E-4CA2-9B69-60FC5BBE324D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{09591418-C817-495C-9119-4A2976E083E3}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{0B44F5E5-5B2A-4B1F-852E-092FAE7A815B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{0C546867-430C-4758-9BDB-B847F58C3DA3}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
    "{0E6453C1-59FB-4109-8F02-F376BB2724C6}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{0F521A06-2AAF-4DF4-A8FA-39C9D6704CA1}" = protocol=6 | dir=in | app=c:\users\jordan\appdata\local\temp\dldt\wireless\english\dldtwpss.exe |
    "{1041C266-DE0C-498D-8C19-DCD9487B870E}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{15D76E1B-BAA6-42DA-8692-B74DA5631129}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{21A425C1-403C-4831-AA8C-BD7C8BABA7A9}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{21E00228-C98F-45A5-9A37-3F5AF791B733}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{24D3D6A8-A98D-4D61-B133-042268AC48AD}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{288419E2-AF8D-4FBB-91F4-C0700FFDC4C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{289338CC-E399-4136-BE56-611AEBE549D3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldttime.exe |
    "{291D84B1-C9A7-4B58-9892-DBBA33106A05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2977910C-FFFC-4585-99AC-9FF4CF0B084D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
    "{2992FD29-5A25-4620-8F62-952E7F5801EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{2DC93722-A2DA-4217-B949-ADFA301275A1}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
    "{3156C0FC-C751-4868-94AD-FF86F6E11507}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{32376BB6-E9EA-4211-BC0C-A66A7D329AE5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
    "{33DF5475-76B4-4505-A6E8-3396C13B0FBC}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
    "{355C1828-E920-4822-8B31-499C19136970}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
    "{3644D362-B2F2-4515-B591-0B41353335D7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
    "{410B8C67-7854-448B-B27A-8F03F2EFFC65}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{435D1C8B-486B-42A4-8AC9-327037D2C77A}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |
    "{4446E8A7-82A6-483A-BDD9-A9D1FF6931CF}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{487BF0F8-8FED-49E7-A218-3F6D6BC43DA6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
    "{4BB6CF00-6F3F-438E-A388-5A1396C13687}" = protocol=6 | dir=out | app=system |
    "{4C6713E3-EC09-4A41-AE12-69D8695284F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4C6DDFFB-CC35-4DD6-8367-1C72957B5B59}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{4C849F6E-21F8-47AA-8343-CB599FA130EF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{4DD25291-925A-4977-8159-B2115CDEC1E7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
    "{4E549EA1-2896-493B-8A70-1F80A78D2B70}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
    "{5077A0C7-4EAC-4B5B-BAF8-4595050DE8E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{517B72CF-097F-4609-9538-674E22F718BC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{53D8276D-571C-4012-9704-23647181777C}" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    "{53E0244B-D85C-4A22-B970-3B9C2A16B33F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
    "{560F8702-DA4A-404F-BFBA-7B5FA08F8401}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    "{5A655C02-9958-4681-9063-7E35FE2BEC56}" = protocol=6 | dir=in | app=c:\users\jordan\appdata\local\tversity\media server\mediaserver.exe |
    "{5AA047F8-D0ED-495C-96FE-871394EC3EFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{67908BC5-4E41-4FD8-BD94-D0C8826B53A9}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
    "{69D5FC37-BFA4-452C-BBDE-6AD7B27EFF58}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{6EF6CA61-038A-4826-9A90-70F91B9F9257}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{6F39CACB-58B5-46A0-88C6-93A0D560CBD0}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{70BD93FF-4FE0-40AE-A0D7-C35382AAA51B}" = protocol=17 | dir=in | app=c:\users\jordan\appdata\local\tversity\media server\mediaserver.exe |
    "{70E3C8EF-07FF-411A-B3D0-CB5E37A0AA6C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
    "{716417C0-4F0B-472C-9EE9-3018342ED7E5}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{7471A8AC-C69B-43F9-9567-20457061308A}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\frun.exe |
    "{74D2F64D-28F0-4AEB-885F-F0AF2F75C9A7}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{758F21BA-D520-45CF-A8E3-9FFB7A35F0DF}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
    "{7A2F009A-99EC-46EF-B304-00B05A954B71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7D198959-DF78-47A4-8E4D-D77B046E4658}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{7F1F9937-6D80-4D81-A34D-4A3EE202B7C4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
    "{80070346-7E2A-40D4-B619-0246F603F4A6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
    "{8B69F89F-2CBC-4BB8-9E85-384F03E20EB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8F374191-45F1-4818-94FD-199E6E1B0AE4}" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    "{912AB418-2631-4E1A-829B-2ED06A445CE6}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{972E8CB4-F3CC-4194-A46F-17E242B70865}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{978CDB82-E662-4D76-A720-C95C2596A51D}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |
    "{A336B1D8-22A6-41C6-869E-7AF51A9D3CE6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A5828243-1A65-4574-8A37-234188C0BBB4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
    "{A653762A-38EF-4079-BF3E-3634A13BD1B3}" = protocol=17 | dir=in | app=c:\users\jordan\appdata\local\temp\dldt\wireless\english\dldtwpss.exe |
    "{A73DC038-91C4-43EF-9305-CF3DC668750F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{A754D3FD-8060-48E4-8D8E-5AA6F7F4100E}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{A7A2E58E-1F36-4D16-8759-99645E68583E}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{AB3F7BE9-743F-43B5-993A-E8FD500C858A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{AD762A09-8480-4E18-A0DA-462BCA78DE01}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{B016AA85-0961-4741-95D7-E78F1E28685E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B36E1B83-9B75-4C53-9D89-FAD92A44AE0A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
    "{B4CF207A-50CB-4183-8BC2-CFB04DBFF5B8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{B7DF1E57-9D62-4DEA-8D69-0EC0F66CB58C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{BB8006F1-46D7-449C-B03F-D833C13798A8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
    "{BC320B34-1BA7-4EC5-B73D-A9A1B5C6E278}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
    "{BC3B7D78-2B32-4C53-A6E8-227D7F95F7D9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtjswx.exe |
    "{BECE60A9-7FD4-458A-8263-8CB5DC8EA306}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{C026C19D-9C71-4083-BD9A-570FBF2F2F0E}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
    "{C3D69AE1-157A-4F41-95BB-98BED0F1E072}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{C82B303F-0F3D-461E-9D32-998D1FF733AB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtjswx.exe |
    "{CD99CD01-E1C2-4068-B99E-29C074D9B378}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{CF558BF4-666F-4387-9D78-55E730FD53D5}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtamon.exe |
    "{CF9282BC-E927-4762-A16B-AC2F79201660}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtamon.exe |
    "{D08E1395-27EB-4475-B080-929A64BE96FD}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{D0B3EE9E-7FF2-4585-AE62-8FBE34195F6E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
    "{D3D047D2-539E-4722-BE83-9D1D3EEF7D81}" = protocol=17 | dir=in | app=c:\windows\syswow64\dldtcoms.exe |
    "{D4A42FFD-C4DA-4BF4-A8C8-D9FA1CF1BC4E}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\frun.exe |
    "{D6B55F73-DA40-48C3-8B05-84691D78AF99}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{D9888D4B-CB9C-4FAD-B38E-AAE02B4EF97C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
    "{DA3F6555-6E44-4E3B-ABC7-9577FB5BCD5A}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
    "{DBFE86A9-E947-406B-8F34-36900591E2F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DD6919F7-7A0F-45C9-A2B7-B90F02C28CC0}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
    "{DE1B43E7-2C39-43D5-9881-ECA66DCE2367}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldttime.exe |
    "{E13B73A7-B18F-4927-8B2D-C15FDCFD8769}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{E2E53493-0905-4B67-9254-5B67416DEADA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{E3F33B2F-B142-425D-9BA2-B0D2163BFF77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E4D14034-5958-4545-BA6D-BA6EB1A4DDD5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{E564D18A-1418-4F9D-A29B-A7FD2414D343}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E5B4B287-851A-4164-A15A-1CDFFAE46600}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
    "{E9D52595-5FEC-400D-861A-561D68F90F25}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
    "{EAB48CB8-ADF7-4013-BFEF-A430523FD94C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F12C67F7-C67A-4544-ADD5-1CD65FC76DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
    "{F3C02907-E8B6-4EEE-9B33-853788CFFCA1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F3E0406A-D017-4F7C-B713-59BA5F19269B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
    "{F575827A-B73D-494C-BE08-3D1E8F1A397D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{F65959BD-5D8D-4C73-84DC-C10A5C9237C8}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
    "{F920315E-56F4-41BD-BB9A-1A63B9AF48A3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
    "{FA7D3828-6CBD-4BAA-B76A-DBCFC264DCFF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{FBF394D2-0B12-4C17-8E8B-820FED1C2631}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{FCDF79C8-D313-405B-B1C9-622B67E23AA2}" = dir=in | app=c:\program files (x86)\pharossystems\core\ctskmstr.exe |
    "{FDAAFEC4-9833-4974-BC04-28FCDBBA2AC4}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "TCP Query User{4DEECD8E-B16A-4071-9F16-DC132E31E6CA}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    "TCP Query User{7DE68880-B916-4AB9-AE20-6F7E6A0674BC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "TCP Query User{83433211-B507-4F57-AB0D-DBFC8FBF42CB}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
    "TCP Query User{DE445069-4058-4959-8941-364DB05CF8B6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "TCP Query User{E0C0909A-19F0-4CEF-8CF5-EE706F4089D5}C:\program files (x86)\dell v305\dldtmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
    "TCP Query User{E9EC453D-3795-43D5-AC78-CFAE835F565B}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "TCP Query User{ECDD3B46-4537-4EAA-BD9F-031B6E0B3000}C:\windows\system32\spool\drivers\x64\3\dldtpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
    "TCP Query User{FD83358C-4DD3-45D5-B8F0-853B0FA9E753}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{1A0D7DD6-0E41-411F-98F1-6817A6BBEB9B}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "UDP Query User{50AC9F9F-AE07-4AF6-B2F7-8FFCDF010415}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "UDP Query User{52B6C7AC-79F3-49BB-9ABE-A01CCA58F39A}C:\windows\system32\spool\drivers\x64\3\dldtpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
    "UDP Query User{57E42E69-5467-49C4-B1D4-FDA09CFC498B}C:\program files (x86)\dell v305\dldtmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
    "UDP Query User{82175FC7-750D-4256-B16F-38527E9C724C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{A730CE6F-F443-4751-90FF-4983FAF7C5D7}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    "UDP Query User{C3601F0E-AF0B-43F0-9297-E94BABF692B7}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{D9947450-04FC-4934-9778-4AB1AB644572}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{FF9F3663-0357-4132-AD8C-2BC1397D88AF}" = Symantec Endpoint Protection
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
    "Dell V305" = Dell V305
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "SynTPDeinstKey" = Dell Touchpad
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Web Only
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
    "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
    "{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{4BF021F7-37A7-4086-B4F1-D5914925D18B}" = VZAccess Manager
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DB249302-FB94-4578-84FE-7B856C315779}" = HTC Sync
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Complete Care Consumer Service Agreement
    "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
    "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "AIM_7" = AIM 7
    "avast5" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Video Chat" = Dell Video Chat
    "Dell Webcam Central" = Dell Webcam Central
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "HTC_WModemDriver" = WModem Driver Installer
    "InstallShield_{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "MSC" = McAfee SecurityCenter
    "Pharos" = Pharos
    "PROR" = Microsoft Office Professional 2007
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "StarCraft" = StarCraft
    "StarCraft II" = StarCraft II
    "Steam App 10" = Counter-Strike
    "Steam App 440" = Team Fortress 2
    "StreamTorrent 1.0" = StreamTorrent 1.0
    "Veetle TV" = Veetle TV 0.9.18
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Warcraft III" = Warcraft III
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "309a46b1dc89b774" = Dell Driver Download Manager
    "FileZilla Client" = FileZilla Client 3.3.4.1

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/11/2010 9:54:36 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 10/11/2010 9:54:37 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 10/11/2010 9:54:37 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 10/11/2010 9:54:37 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 10/12/2010 12:03:38 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3909, time
    stamp 0x4c8fdc89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp
    0x49e03824, exception code 0xc0000005, fault offset 0x0001e562, process id 0xd30,
    application start time 0x01cb68e2520ff57f.

    Error - 10/12/2010 12:40:12 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
    0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
    exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x1df0, application
    start time 0x01cb69af96053cb0.

    Error - 10/12/2010 1:40:21 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
    0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
    exception code 0xc0000005, fault offset 0x0000000000026478, process id 0xd10, application
    start time 0x01cb69c792a80ca4.

    Error - 10/12/2010 2:45:30 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
    0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
    exception code 0xc0000005, fault offset 0x0000000000026478, process id 0xccc, application
    start time 0x01cb69cffa31f42e.

    Error - 10/12/2010 10:30:42 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
    0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
    exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x1b00, application
    start time 0x01cb69d914bc4b85.

    Error - 10/12/2010 1:31:35 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
    Description =

    [ Broadcom Wireless LAN Events ]
    Error - 9/19/2010 11:39:46 PM | Computer Name = Jordan-PC | Source = WLAN-Tray | ID = 0
    Description = 23:39:46, Sun, Sep 19, 10 Error - Unable to get current user admin
    status

    [ Media Center Events ]
    Error - 8/30/2009 8:32:25 PM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 9/12/2009 3:24:38 PM | Computer Name = Jordan-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 11/17/2009 10:44:00 PM | Computer Name = Jordan-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 12/1/2009 12:09:14 AM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 12/23/2009 9:59:01 PM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/27/2010 6:34:57 PM | Computer Name = Jordan-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 10/18/2010 3:17:31 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
    Description =

    Error - 10/18/2010 3:17:32 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
    Description =

    Error - 10/18/2010 3:17:36 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
    Description =

    Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
    Description =
  20. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    OTL Extras logfile created on: 10/18/2010 9:29:02 AM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Jordan\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 358.95 Gb Free Space | 79.58% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 5.27 Gb Free Space | 35.97% Space Free | Partition Type: NTFS

    Computer Name: JORDAN-PC | User Name: Jordan | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\Users\Jordan\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\Users\Jordan\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 00 96 B3 99 FC 76 CA 01 [binary data]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{002138F4-2ED1-4109-AA0F-F020E3376A2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{05827987-8B39-4F64-B421-228C37E9809A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{074036D0-922C-4613-9073-4AF1FB8193A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{0B9833A4-F2E5-4195-BB09-A829CC1D076D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{1408711E-9C56-4307-824F-D5D526A2EAB6}" = rport=137 | protocol=17 | dir=out | app=system |
    "{23D6EEA0-83FE-4B58-A023-97E3C0E78CC1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{24B42DF4-A533-44AC-AFF5-B210F5F50573}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{3462D771-BBE1-490B-AF5A-5B96E910CCA4}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{36F9DD7D-3822-4315-9E59-E261D83F699E}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
    "{3C9EED42-6D29-44C3-B8C1-ABDA3B0A5476}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{47E54B66-89FC-479A-B3A2-2B531616967F}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
    "{538CC0A4-DE4C-4075-9A97-E048958EC4DB}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
    "{58566F7D-673E-4E9C-8AA0-9797B7FB10D8}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
    "{5976F0A1-B183-4BAC-B3B7-EDD31F3C8B87}" = rport=139 | protocol=6 | dir=out | app=system |
    "{5A00307B-5956-435A-8E3B-BD28E21CDD92}" = lport=139 | protocol=6 | dir=in | app=system |
    "{657DFAB9-93F8-414E-84BF-6114501811BC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6BCA0F46-0F90-4420-95D4-491AB1DA5F1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6E6A17AD-A2E6-4F6A-8C09-C39F01A6B81C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{7E9AA02A-D7A7-4129-9491-094797A8865B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{809306B0-67A1-4FEC-82D8-8DD41379CB54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{809C4791-DD57-4AC0-B90F-9F5928FE9D79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{845A2E8C-FDCA-42D9-8680-EC3B2E3AC138}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{86A410AB-C409-40FA-8842-EEBA82A97784}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher |
    "{8AD4F7AC-59AC-48A6-B6C3-50B2BCF965BD}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
    "{8B8A7006-7A51-464D-8A6A-F637551B6946}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{8EE2B822-789C-46C7-A101-DAD398E0B971}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{8EF0D421-983B-4958-93DD-F126A680AEEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8EF4B350-BF35-434C-A8CF-0DBF5C309DA6}" = lport=137 | protocol=17 | dir=in | app=system |
    "{8FF0392D-A594-44D3-A3C3-625235199946}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
    "{935C43B6-1F7A-4047-8720-77AE4121CF62}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9367014C-3E0B-4E42-80E0-59AEEB2812E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{95A065DA-414D-4BE6-B7FA-A976EF094E07}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A5255F21-6915-4AC5-ADE9-72801DF0F23C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AA0C5EDA-9EB5-44F8-954F-CEE60E1B6F2D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{BC6ED3E4-5FC3-45FC-9E5D-322467018C5C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BDD03EB2-C82D-4C24-9FB6-C94DACA3326D}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{BDF30A95-D6C5-4412-BB62-37840EA0ED68}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{BDF84798-D64E-471A-AF4B-8FEF61B608E6}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{C00CBA9A-38E4-4025-AC17-EB8DC513FC45}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
    "{C01F2F8C-FD92-4ADD-877B-D926202B2AC1}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher |
    "{C2F0C580-A202-41CA-BEB5-D1A0274DC32B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C4435E7B-85BC-4A01-AF3E-EDF93AC3A54A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C8609546-0B8A-46E3-850D-C55A7503F4CD}" = lport=445 | protocol=6 | dir=in | app=system |
    "{CD140302-2311-40DD-9911-E58C42EA7CEA}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{D0648027-FE65-427A-BC1C-62C0B50C952A}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
    "{D1416FE3-F6A3-43B5-8DAD-CA505DFEE713}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{D7E6F0D9-903E-476C-80FF-9B590DF5F15F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E60B6895-BB3E-4872-B6DE-A73FE97011AC}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{EE8610C1-2888-4E85-946A-10987CACFA1C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F00C8784-8B3F-404E-B3E3-0DA30A31B3A3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F28E1751-3D91-428F-8E72-BE48888D9BD6}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{F55D4715-AA07-4F6A-AF51-4C313D3CDC7D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{F86E6340-46BD-4D83-9670-953033FA4949}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FFF61786-C93C-4696-B617-29C338F4B1B8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03495F8F-EBDC-4F34-98E1-CBA0A5D626AA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{06128F03-5676-48FF-AE0E-EF10A2499645}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{079818BB-8B98-4F07-BF40-C7CA4C0B68B9}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
    "{08B6E4FC-9C68-4137-8890-8BBE79F64828}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
    "{08F2ACE4-C38E-492C-9897-B4B3161FD9C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\dldtcoms.exe |
    "{09129A24-6C2E-4CA2-9B69-60FC5BBE324D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{09591418-C817-495C-9119-4A2976E083E3}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{0B44F5E5-5B2A-4B1F-852E-092FAE7A815B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{0C546867-430C-4758-9BDB-B847F58C3DA3}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
    "{0E6453C1-59FB-4109-8F02-F376BB2724C6}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{0F521A06-2AAF-4DF4-A8FA-39C9D6704CA1}" = protocol=6 | dir=in | app=c:\users\jordan\appdata\local\temp\dldt\wireless\english\dldtwpss.exe |
    "{1041C266-DE0C-498D-8C19-DCD9487B870E}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{15D76E1B-BAA6-42DA-8692-B74DA5631129}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{21A425C1-403C-4831-AA8C-BD7C8BABA7A9}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{21E00228-C98F-45A5-9A37-3F5AF791B733}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{24D3D6A8-A98D-4D61-B133-042268AC48AD}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{288419E2-AF8D-4FBB-91F4-C0700FFDC4C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{289338CC-E399-4136-BE56-611AEBE549D3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldttime.exe |
    "{291D84B1-C9A7-4B58-9892-DBBA33106A05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2977910C-FFFC-4585-99AC-9FF4CF0B084D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
    "{2992FD29-5A25-4620-8F62-952E7F5801EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{2DC93722-A2DA-4217-B949-ADFA301275A1}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
    "{3156C0FC-C751-4868-94AD-FF86F6E11507}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{32376BB6-E9EA-4211-BC0C-A66A7D329AE5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
    "{33DF5475-76B4-4505-A6E8-3396C13B0FBC}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
    "{355C1828-E920-4822-8B31-499C19136970}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
    "{3644D362-B2F2-4515-B591-0B41353335D7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
    "{410B8C67-7854-448B-B27A-8F03F2EFFC65}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{435D1C8B-486B-42A4-8AC9-327037D2C77A}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |
    "{4446E8A7-82A6-483A-BDD9-A9D1FF6931CF}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{487BF0F8-8FED-49E7-A218-3F6D6BC43DA6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
    "{4BB6CF00-6F3F-438E-A388-5A1396C13687}" = protocol=6 | dir=out | app=system |
    "{4C6713E3-EC09-4A41-AE12-69D8695284F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4C6DDFFB-CC35-4DD6-8367-1C72957B5B59}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{4C849F6E-21F8-47AA-8343-CB599FA130EF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{4DD25291-925A-4977-8159-B2115CDEC1E7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
    "{4E549EA1-2896-493B-8A70-1F80A78D2B70}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
    "{5077A0C7-4EAC-4B5B-BAF8-4595050DE8E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{517B72CF-097F-4609-9538-674E22F718BC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{53D8276D-571C-4012-9704-23647181777C}" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    "{53E0244B-D85C-4A22-B970-3B9C2A16B33F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
    "{560F8702-DA4A-404F-BFBA-7B5FA08F8401}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    "{5A655C02-9958-4681-9063-7E35FE2BEC56}" = protocol=6 | dir=in | app=c:\users\jordan\appdata\local\tversity\media server\mediaserver.exe |
    "{5AA047F8-D0ED-495C-96FE-871394EC3EFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{67908BC5-4E41-4FD8-BD94-D0C8826B53A9}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
    "{69D5FC37-BFA4-452C-BBDE-6AD7B27EFF58}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{6EF6CA61-038A-4826-9A90-70F91B9F9257}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{6F39CACB-58B5-46A0-88C6-93A0D560CBD0}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{70BD93FF-4FE0-40AE-A0D7-C35382AAA51B}" = protocol=17 | dir=in | app=c:\users\jordan\appdata\local\tversity\media server\mediaserver.exe |
    "{70E3C8EF-07FF-411A-B3D0-CB5E37A0AA6C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
    "{716417C0-4F0B-472C-9EE9-3018342ED7E5}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{7471A8AC-C69B-43F9-9567-20457061308A}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\frun.exe |
    "{74D2F64D-28F0-4AEB-885F-F0AF2F75C9A7}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{758F21BA-D520-45CF-A8E3-9FFB7A35F0DF}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
    "{7A2F009A-99EC-46EF-B304-00B05A954B71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7D198959-DF78-47A4-8E4D-D77B046E4658}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{7F1F9937-6D80-4D81-A34D-4A3EE202B7C4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
    "{80070346-7E2A-40D4-B619-0246F603F4A6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
    "{8B69F89F-2CBC-4BB8-9E85-384F03E20EB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8F374191-45F1-4818-94FD-199E6E1B0AE4}" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    "{912AB418-2631-4E1A-829B-2ED06A445CE6}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{972E8CB4-F3CC-4194-A46F-17E242B70865}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{978CDB82-E662-4D76-A720-C95C2596A51D}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |
    "{A336B1D8-22A6-41C6-869E-7AF51A9D3CE6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A5828243-1A65-4574-8A37-234188C0BBB4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
    "{A653762A-38EF-4079-BF3E-3634A13BD1B3}" = protocol=17 | dir=in | app=c:\users\jordan\appdata\local\temp\dldt\wireless\english\dldtwpss.exe |
    "{A73DC038-91C4-43EF-9305-CF3DC668750F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{A754D3FD-8060-48E4-8D8E-5AA6F7F4100E}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{A7A2E58E-1F36-4D16-8759-99645E68583E}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{AB3F7BE9-743F-43B5-993A-E8FD500C858A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{AD762A09-8480-4E18-A0DA-462BCA78DE01}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{B016AA85-0961-4741-95D7-E78F1E28685E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B36E1B83-9B75-4C53-9D89-FAD92A44AE0A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
    "{B4CF207A-50CB-4183-8BC2-CFB04DBFF5B8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{B7DF1E57-9D62-4DEA-8D69-0EC0F66CB58C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{BB8006F1-46D7-449C-B03F-D833C13798A8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
    "{BC320B34-1BA7-4EC5-B73D-A9A1B5C6E278}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
    "{BC3B7D78-2B32-4C53-A6E8-227D7F95F7D9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtjswx.exe |
    "{BECE60A9-7FD4-458A-8263-8CB5DC8EA306}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{C026C19D-9C71-4083-BD9A-570FBF2F2F0E}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
    "{C3D69AE1-157A-4F41-95BB-98BED0F1E072}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{C82B303F-0F3D-461E-9D32-998D1FF733AB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtjswx.exe |
    "{CD99CD01-E1C2-4068-B99E-29C074D9B378}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{CF558BF4-666F-4387-9D78-55E730FD53D5}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtamon.exe |
    "{CF9282BC-E927-4762-A16B-AC2F79201660}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtamon.exe |
    "{D08E1395-27EB-4475-B080-929A64BE96FD}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{D0B3EE9E-7FF2-4585-AE62-8FBE34195F6E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
    "{D3D047D2-539E-4722-BE83-9D1D3EEF7D81}" = protocol=17 | dir=in | app=c:\windows\syswow64\dldtcoms.exe |
    "{D4A42FFD-C4DA-4BF4-A8C8-D9FA1CF1BC4E}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\frun.exe |
    "{D6B55F73-DA40-48C3-8B05-84691D78AF99}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{D9888D4B-CB9C-4FAD-B38E-AAE02B4EF97C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
    "{DA3F6555-6E44-4E3B-ABC7-9577FB5BCD5A}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
    "{DBFE86A9-E947-406B-8F34-36900591E2F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DD6919F7-7A0F-45C9-A2B7-B90F02C28CC0}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
    "{DE1B43E7-2C39-43D5-9881-ECA66DCE2367}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldttime.exe |
    "{E13B73A7-B18F-4927-8B2D-C15FDCFD8769}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{E2E53493-0905-4B67-9254-5B67416DEADA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{E3F33B2F-B142-425D-9BA2-B0D2163BFF77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E4D14034-5958-4545-BA6D-BA6EB1A4DDD5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{E564D18A-1418-4F9D-A29B-A7FD2414D343}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E5B4B287-851A-4164-A15A-1CDFFAE46600}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
    "{E9D52595-5FEC-400D-861A-561D68F90F25}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
    "{EAB48CB8-ADF7-4013-BFEF-A430523FD94C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F12C67F7-C67A-4544-ADD5-1CD65FC76DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
    "{F3C02907-E8B6-4EEE-9B33-853788CFFCA1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F3E0406A-D017-4F7C-B713-59BA5F19269B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
    "{F575827A-B73D-494C-BE08-3D1E8F1A397D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{F65959BD-5D8D-4C73-84DC-C10A5C9237C8}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
    "{F920315E-56F4-41BD-BB9A-1A63B9AF48A3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
    "{FA7D3828-6CBD-4BAA-B76A-DBCFC264DCFF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{FBF394D2-0B12-4C17-8E8B-820FED1C2631}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{FCDF79C8-D313-405B-B1C9-622B67E23AA2}" = dir=in | app=c:\program files (x86)\pharossystems\core\ctskmstr.exe |
    "{FDAAFEC4-9833-4974-BC04-28FCDBBA2AC4}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "TCP Query User{4DEECD8E-B16A-4071-9F16-DC132E31E6CA}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    "TCP Query User{7DE68880-B916-4AB9-AE20-6F7E6A0674BC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "TCP Query User{83433211-B507-4F57-AB0D-DBFC8FBF42CB}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
    "TCP Query User{DE445069-4058-4959-8941-364DB05CF8B6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "TCP Query User{E0C0909A-19F0-4CEF-8CF5-EE706F4089D5}C:\program files (x86)\dell v305\dldtmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
    "TCP Query User{E9EC453D-3795-43D5-AC78-CFAE835F565B}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "TCP Query User{ECDD3B46-4537-4EAA-BD9F-031B6E0B3000}C:\windows\system32\spool\drivers\x64\3\dldtpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
    "TCP Query User{FD83358C-4DD3-45D5-B8F0-853B0FA9E753}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{1A0D7DD6-0E41-411F-98F1-6817A6BBEB9B}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "UDP Query User{50AC9F9F-AE07-4AF6-B2F7-8FFCDF010415}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "UDP Query User{52B6C7AC-79F3-49BB-9ABE-A01CCA58F39A}C:\windows\system32\spool\drivers\x64\3\dldtpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
    "UDP Query User{57E42E69-5467-49C4-B1D4-FDA09CFC498B}C:\program files (x86)\dell v305\dldtmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
    "UDP Query User{82175FC7-750D-4256-B16F-38527E9C724C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{A730CE6F-F443-4751-90FF-4983FAF7C5D7}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    "UDP Query User{C3601F0E-AF0B-43F0-9297-E94BABF692B7}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{D9947450-04FC-4934-9778-4AB1AB644572}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{FF9F3663-0357-4132-AD8C-2BC1397D88AF}" = Symantec Endpoint Protection
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
    "Dell V305" = Dell V305
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "SynTPDeinstKey" = Dell Touchpad
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Web Only
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
    "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
    "{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{4BF021F7-37A7-4086-B4F1-D5914925D18B}" = VZAccess Manager
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DB249302-FB94-4578-84FE-7B856C315779}" = HTC Sync
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Complete Care Consumer Service Agreement
    "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
    "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "AIM_7" = AIM 7
    "avast5" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Video Chat" = Dell Video Chat
    "Dell Webcam Central" = Dell Webcam Central
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "HTC_WModemDriver" = WModem Driver Installer
    "InstallShield_{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "MSC" = McAfee SecurityCenter
    "Pharos" = Pharos
    "PROR" = Microsoft Office Professional 2007
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "StarCraft" = StarCraft
    "StarCraft II" = StarCraft II
    "Steam App 10" = Counter-Strike
    "Steam App 440" = Team Fortress 2
    "StreamTorrent 1.0" = StreamTorrent 1.0
    "Veetle TV" = Veetle TV 0.9.18
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Warcraft III" = Warcraft III
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "309a46b1dc89b774" = Dell Driver Download Manager
    "FileZilla Client" = FileZilla Client 3.3.4.1

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/11/2010 9:54:36 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 10/11/2010 9:54:37 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 10/11/2010 9:54:37 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 10/11/2010 9:54:37 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
    Description =

    Error - 10/12/2010 12:03:38 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3909, time
    stamp 0x4c8fdc89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp
    0x49e03824, exception code 0xc0000005, fault offset 0x0001e562, process id 0xd30,
    application start time 0x01cb68e2520ff57f.

    Error - 10/12/2010 12:40:12 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
    0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
    exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x1df0, application
    start time 0x01cb69af96053cb0.

    Error - 10/12/2010 1:40:21 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
    0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
    exception code 0xc0000005, fault offset 0x0000000000026478, process id 0xd10, application
    start time 0x01cb69c792a80ca4.

    Error - 10/12/2010 2:45:30 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
    0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
    exception code 0xc0000005, fault offset 0x0000000000026478, process id 0xccc, application
    start time 0x01cb69cffa31f42e.

    Error - 10/12/2010 10:30:42 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
    0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
    exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x1b00, application
    start time 0x01cb69d914bc4b85.

    Error - 10/12/2010 1:31:35 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
    Description =

    [ Broadcom Wireless LAN Events ]
    Error - 9/19/2010 11:39:46 PM | Computer Name = Jordan-PC | Source = WLAN-Tray | ID = 0
    Description = 23:39:46, Sun, Sep 19, 10 Error - Unable to get current user admin
    status

    [ Media Center Events ]
    Error - 8/30/2009 8:32:25 PM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 9/12/2009 3:24:38 PM | Computer Name = Jordan-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
  21. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    Error - 11/17/2009 10:44:00 PM | Computer Name = Jordan-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 12/1/2009 12:09:14 AM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 12/23/2009 9:59:01 PM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/27/2010 6:34:57 PM | Computer Name = Jordan-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 10/18/2010 3:17:31 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
    Description =

    Error - 10/18/2010 3:17:32 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
    Description =

    Error - 10/18/2010 3:17:36 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
    Description =

    Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 10/18/2010 3:19:05 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 10/18/2010 3:21:07 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
    Description =


    < End of report >
  22. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    Hey, sorry to bump but I figure you answer lots of these and some might get lost in the mix. Still having my issue, so I would appreciate any additional help.
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      "TCP Query User{4DEECD8E-B16A-4071-9F16-DC132E31E6CA}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
      O1 - Hosts: 127.0.0.1 localhost
      O1 - Hosts: ::1 localhost
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
      O4 - HKLM..\Run: [FAStartup] File not found
      O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
      O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (Reg Error: Key error.)
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O32 - HKLM CDRom: AutoRun - 1
      O33 - MountPoints2\{12f84631-a917-11de-851f-002556d8d8b4}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
      O33 - MountPoints2\{38fb6d56-0ab5-11df-bd78-002556d8d8b4}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
      O33 - MountPoints2\{a45403fc-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe -- File not found
      O33 - MountPoints2\{a4540498-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe -- File not found
      O33 - MountPoints2\{a45404df-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe -- File not found
      O33 - MountPoints2\{a45404fd-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe -- File not found
      O34 - HKLM BootExecute: (autocheck autochk *) - File not found
      @Alternate Data Stream - 64 bytes -> C:\Users\Jordan\Desktop\video.mp4:TOC.WMV
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:456A69E6
       
      :Reg
      64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      helpfile [open] -- Reg Error: Key error.
      scrfile [open] -- "%1" /S File not found
      txtfile [edit] -- Reg Error: Key error.
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      helpfile [open] -- Reg Error: Key error.
      regfile [merge] -- Reg Error: Key error.
      txtfile [edit] -- Reg Error: Key error.
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "ViewpointMediaPlayer"
      "StreamTorrent 1.0" 
      :Files
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    ============================================
    I see see processes for multiple AV programs. If you used a removal tool for an AV, then the tool can be deleted after the program is deleted:
    Decide which AV you want to keep. Then run the removal tool for the others. Delete the program folder in Windows Explorer> My Comuter> Local Drive> Programs:
    [2010/10/19 10:45:44 C] (Symantec Corporation) -- C:\Users\Jordan\Desktop\Norton_Removal_Tool.exe
    [2010/10/18 09:27:39 C] (Kaspersky Lab ZAO) -- C:\Users\Jordan\Desktop\TDSSKiller.exe
    [2010/10/18 09:51:17 |C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Jordan\Desktop\JavaRa.exe
    [2010/10/18 01:47:17 | -D | C] -- C:\Program Files\Alwil Software
    [2010/10/19 14:45:02 | M] () -- C:\Users\Jordan\Desktop\esetsmartinstaller_enu(2).exe
    [2010/10/19 11:32:03 | M] () -- C:\Users\Jordan\Desktop\esetsmartinstaller_enu.exe
    [2010/10/19 10:45:44 | M] (Symantec Corporation) -- C:\Users\Jordan\Desktop\Norton_Removal_Tool.exe
    [2010/10/18 09:29:26 | M] () -- C:\Users\Jordan\Desktop\SystemLook.exe
    [2010/10/04 09:08:00 | M] (Kaspersky Lab ZAO) -- C:\Users\Jordan\Desktop\TDSSKiller.exe
    [2010/10/22 19:27:21 | C] () -- C:\Users\Jordan\Desktop\ComboFix(2).exe
    [2010/10/19 17:09:07 | C] () -- C:\Program Files (x86)\ComboFix(2).exe
    [2010/10/22 19:27:21 | M] () -- C:\Users\Jordan\Desktop\ComboFix(2).exe
    [2010/10/19 17:09:08 | M] () -- C:\Program Files (x86)\ComboFix(2).exe
    ====================================================
    Solutions that have worked for the faulting explorer.exe app.faulting explorer.exe module:
    Faulting application explorer.exe, version 6.0.6002.18005, time stamp
    0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005
    1 For AMD> Disable K8 Cool n Quiet in bios;
    2.Intel> Disable any energy saving features in bios.
    3.You will find it necessary to disable in the BIOS any hardware based CPU throttling capability, including hardware based energy controls. The desktop clock no longer runs slow.
    ====================================
    The description of all the System Event Errors were missing:
    [ System Events ]
    Error - 10/18/2010 3:17:31 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
    Description = ??????
    =======================================
    You should also go into the User Accounts in the Control Panel. See if you hove 2 Administrators- of you do, reduce the privileges of one or the other.
  24. jsf

    jsf Newcomer, in training Topic Starter Posts: 17

    Hey so the fix is running but is now not responding and has been stuck at this part for like 11 hours: [HKEY_LOCAL_MACHINE\Classes\<key>\shell\[command]\command]. It ran really quickly until then and has been frozen ever since. I know you said don't interrupt it so I've left it for now.

    Sorry for the issue, thanks for your help :)
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please bring me current to your status at this point
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.