Resolved Win32:Bamital-x Virus Issue

jsf

Hi all,

I could really use some help with this issue I've been having. My computer has been acting kind of strange for at least a few weeks now - I've had some issues logging in (black screen, but with mouse cursor), my explorer.exe has been constantly stopping/restarting, my systray icons disappear, and my Windows toolbar has been messed up.

I stumbled across https://www.techspot.com/vb/topic152548.html, and figured I should make my own post because my issue could be slightly different. (I had discovered that I had a Win32:Bamital-x Virus via avast).

I'm usually very good with my computer, so I'm not quite sure how I picked such a nasty bug up.

Any help would be greatly appreciated, thanks!

Edit: Whoops, didn't see new rule, sorry!

Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 7/28/2009 4:25:32 PM
System Uptime: 10/18/2010 8:58:19 PM (1 hours ago)

Motherboard: Dell Inc. | | 0K183D
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | Socket 479 | 1600/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 451 GiB total, 355.392 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 5.269 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

AAC Decoder
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Reader 9.4.0
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Audio FX Engine
AIM 7
Apple Application Support
Apple Software Update
AutoUpdate
avast! Free Antivirus
CCleaner
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Presentation Server Client - Web Only
Compatibility Pack for the 2007 Office system
Complete Care Consumer Service Agreement
Consumer In-Home Service Agreement
Counter-Strike
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Driver Download Manager
Dell Getting Started Guide
Dell Remote Access
Dell Support Center (Support Software)
Dell Video Chat
Dell Webcam Central
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Updater (AOL LLC)
FileZilla Client 3.3.4.1
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
ITECIR
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
League of Legends
Live! Cam Avatar Creator
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MINITAB 14 Student
MKV Splitter
Mozilla Firefox (3.6.10)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
NVIDIA PhysX
PDF Settings
Pharos
PowerDVD DX
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 4.2
Sound Blaster X-Fi MB
Spelling Dictionaries Support For Adobe Reader 9
StarCraft
StarCraft II
Steam
StreamTorrent 1.0
Team Fortress 2
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VZAccess Manager
Warcraft III
Windows 7 Upgrade Advisor
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WModem Driver Installer

==== Event Viewer Messages From Past Week ========

10/18/2010 9:57:24 AM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 9:57:24 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 9:57:24 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 9:57:24 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 9:57:24 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 9:57:24 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 9:53:25 PM, Error: netbt [4321] - The name "JAMIE-PC :0" could not be registered on the interface with IP address 192.168.1.108. The computer with the IP address 192.168.1.143 did not allow the name to be claimed by this computer.
10/18/2010 9:51:30 PM, Error: netbt [4321] - The name "CHRIS-PC :0" could not be registered on the interface with IP address 192.168.1.108. The computer with the IP address 192.168.1.6 did not allow the name to be claimed by this computer.
10/18/2010 9:41:51 AM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc244AD.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/18/2010 9:39:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/18/2010 9:00:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32
10/18/2010 9:00:20 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the path specified.
10/18/2010 8:59:46 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc24A77.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/18/2010 8:58:48 PM, Error: EventLog [6008] - The previous system shutdown at 8:57:52 PM on 10/18/2010 was unexpected.
10/18/2010 8:58:40 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/18/2010 8:44:19 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
10/18/2010 8:36:32 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc222DB.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/18/2010 8:33:56 PM, Error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
10/18/2010 8:32:57 PM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).
10/18/2010 8:21:18 PM, Error: Service Control Manager [7034] - The Remote Access Media Server service terminated unexpectedly. It has done this 1 time(s).
10/18/2010 8:21:18 PM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
10/18/2010 7:17:58 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHRIS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E5B2CA60-4FB1-498C-8508-64E1E0D82B9E}. The master browser is stopping or an election is being forced.
10/18/2010 3:21:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
10/18/2010 3:19:05 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2010 3:17:41 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 aswSP aswTdi eeCtrl spldr sptd SRTSP SRTSPX Wanarpv6
10/18/2010 3:17:41 AM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2010 3:17:41 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2010 3:17:41 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2010 3:17:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/18/2010 3:17:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/18/2010 3:17:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/18/2010 3:17:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/18/2010 3:17:16 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
10/18/2010 3:17:05 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
10/18/2010 3:17:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
10/18/2010 3:16:45 AM, Error: EventLog [6008] - The previous system shutdown at 3:14:14 AM on 10/18/2010 was unexpected.
10/18/2010 3:16:02 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/18/2010 3:13:14 AM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc22BE0.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/18/2010 2:40:57 AM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc26FC2.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/18/2010 2:39:43 AM, Error: EventLog [6008] - The previous system shutdown at 2:37:11 AM on 10/18/2010 was unexpected.
10/18/2010 10:03:08 AM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc23DF9.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/18/2010 1:59:01 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
10/18/2010 1:38:07 AM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2924.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/18/2010 1:37:18 AM, Error: EventLog [6008] - The previous system shutdown at 12:25:25 AM on 10/18/2010 was unexpected.
10/17/2010 4:52:04 AM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/17/2010 4:51:58 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
10/17/2010 4:51:55 AM, Error: nvstor64 [5] - A parity error was detected on \Device\RaidPort0.
10/17/2010 3:53:56 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2ED79.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/17/2010 2:56:38 AM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2ECAE.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/17/2010 10:15:38 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc25550.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/17/2010 10:14:26 PM, Error: EventLog [6008] - The previous system shutdown at 10:09:00 PM on 10/17/2010 was unexpected.
10/17/2010 1:57:38 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc224CE.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/17/2010 1:56:44 PM, Error: EventLog [6008] - The previous system shutdown at 1:54:37 PM on 10/17/2010 was unexpected.
10/15/2010 9:21:20 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2D1DE.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/15/2010 9:18:18 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 DfsC eeCtrl mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd SRTSP SRTSPX Tcpip tdx Wanarpv6
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The Remote Access Media Server service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2010 9:10:03 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/15/2010 9:09:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/15/2010 9:09:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/15/2010 9:06:36 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc2D355.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/15/2010 9:04:47 PM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc281FB.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/13/2010 4:36:40 AM, Error: VDS Dynamic Provider [10] - The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505
10/13/2010 4:35:36 AM, Error: Application Popup [1060] - \??\C:\Windows\TEMP\mc23F50.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/11/2010 9:46:51 PM, Error: netbt [4321] - The name "172-26-32-42 :0" could not be registered on the interface with IP address 172.26.34.81. The computer with the IP address 172.26.32.42 did not allow the name to be claimed by this computer.
10/11/2010 9:03:25 PM, Error: netbt [4321] - The name "172-26-32-94 :0" could not be registered on the interface with IP address 172.26.34.81. The computer with the IP address 172.26.32.94 did not allow the name to be claimed by this computer.
10/11/2010 8:11:49 PM, Error: netbt [4321] - The name "172-26-32-126 :0" could not be registered on the interface with IP address 172.26.34.81. The computer with the IP address 172.26.35.140 did not allow the name to be claimed by this computer.
10/11/2010 7:24:02 PM, Error: netbt [4321] - The name "172-26-32-27 :0" could not be registered on the interface with IP address 172.26.34.81. The computer with the IP address 172.26.32.27 did not allow the name to be claimed by this computer.
10/11/2010 6:58:36 PM, Error: netbt [4321] - The name "172-26-32-165 :0" could not be registered on the interface with IP address 172.26.34.81. The computer with the IP address 172.26.35.140 did not allow the name to be claimed by this computer.
10/11/2010 6:57:22 PM, Error: netbt [4321] - The name "172-26-32-58 :0" could not be registered on the interface with IP address 172.26.34.81. The computer with the IP address 172.26.35.140 did not allow the name to be claimed by this computer.
10/11/2010 6:36:34 PM, Error: netbt [4321] - The name "172-26-32-15 :0" could not be registered on the interface with IP address 172.26.34.81. The computer with the IP address 172.26.32.15 did not allow the name to be claimed by this computer.
10/11/2010 5:49:31 PM, Error: netbt [4321] - The name "172-26-32-222 :0" could not be registered on the interface with IP address 172.26.34.81. The computer with the IP address 172.26.32.222 did not allow the name to be claimed by this computer.
10/11/2010 4:58:19 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.108 for the Network Card with network address 00265E2DFAC2 has been denied by the DHCP server 128.122.253.103 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

mbam-log-2010-10-18 (21-17-30).txt:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4876

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10/18/2010 9:17:30 PM
mbam-log-2010-10-18 (21-17-30).txt

Scan type: Quick scan
Objects scanned: 172672
Time elapsed: 11 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

gmer.log:

GMER 1.0.15.15472 - http://www.gmer.net
Rootkit scan 2010-10-18 21:51:21
Windows 6.0.6002 Service Pack 2
Running: 9k2650k5.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4A
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4A 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4A 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4A 0x49 0x16 0xD1 0x2F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00255
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF 0x49 0x16 0xD1 0x2F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\ 0x6B 0x61 0x6C 0x67 ...

---- Files - GMER 1.0.15 ----

File C:\Users\Jordan\AppData\Local\Temp\siE0DE.tmp 0 bytes

---- EOF - GMER 1.0.15 ----
 
DDS.txt:

DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Jordan at 21:52:18.38 on Mon 10/18/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1769 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Outdated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell V305\dldtmon.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Dell V305\dldtMsdMon.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\dldtcoms.exe
C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Program Files\Dell\DellDock\DellDock.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Users\Jordan\AppData\Local\TVersity\Media Server\MediaServer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Jordan\Desktop\9k2650k5.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Jordan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100915111825.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [FAStartup]
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRunOnce: [Launcher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe"
StartupFolder: C:\Users\Jordan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100915111824.dll
BHO-X64: scriptproxy - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
mRun-x64: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
mRun-x64: [dldtmon.exe] "C:\Program Files (x86)\Dell V305\dldtmon.exe"
mRun-x64: [dldtamon] "C:\Program Files (x86)\Dell V305\dldtamon.exe"
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\n9finixu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.sportsbusinessjournal.com/index.cfm?
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falseC:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-9-5 529000]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-7-28 53488]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-10-18 121936]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-9-5 75032]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-9-5 283232]
R2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-10-18 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-10-18 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-18 40384]
R2 dldt_device;dldt_device;C:\Windows\system32\dldtcoms.exe -service --> C:\Windows\system32\dldtcoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-4-13 189680]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-5 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-5 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-5 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-5 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-5 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-5 149032]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-8-7 2440632]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-18 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-18 40384]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-7-28 36392]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-9-5 62800]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-7-28 172032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-2 132656]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2009-7-29 59392]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-9-5 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-9-5 441072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-10-17 131688]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2009-3-6 159840]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2009-3-8 319840]
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 COH_Mon;COH_Mon;C:\Windows\System32\drivers\COH_Mon.sys [2009-8-7 25424]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-7-28 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-7-28 79360]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-6-10 31744]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\System32\drivers\HtcUsbMdmV64.sys [2010-10-9 121800]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2010-10-9 121800]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-9-5 94736]
S3 PCDSRVC{DF3A5B5B-128783DB-06000000}_0;PCDSRVC{DF3A5B5B-128783DB-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcdsrvc_x64.pkms [2009-4-27 23544]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2009-7-28 79360]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-7-29 89600]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-7-28 636144]

=============== Created Last 30 ================

2010-10-18 13:53:29 -------- d-----w- C:\_OTL
2010-10-18 13:41:36 -------- d-----w- C:\Users\Jordan\AppData\Local\AIM
2010-10-18 13:41:32 -------- d-----w- C:\Users\Jordan\AppData\Local\AOL
2010-10-18 07:32:14 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-10-18 06:55:38 -------- d-----w- C:\Users\Jordan\AppData\Roaming\Malwarebytes
2010-10-18 06:55:17 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-18 06:55:16 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-18 06:55:15 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-18 06:55:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-18 05:48:12 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2010-10-18 05:47:30 38848 ----a-w- C:\Windows\avastSS.scr
2010-10-18 05:47:17 -------- d-----w- C:\PROGRA~3\Alwil Software
2010-10-17 19:48:48 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2010-10-17 19:47:09 -------- d-----w- C:\Program Files\NVIDIA Corporation
2010-10-17 19:43:23 69736 ----a-w- C:\Windows\System32\nvapo64v.dll
2010-10-17 19:43:23 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2010-10-17 19:43:23 131688 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2010-10-17 19:43:05 7002216 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2010-10-17 19:43:05 65128 ----a-w- C:\Windows\System32\OpenCL.dll
2010-10-17 19:43:05 56936 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2010-10-17 19:43:05 5107816 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2010-10-17 19:43:05 13187176 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2010-10-17 19:43:05 11240 ----a-w- C:\Windows\System32\drivers\nvBridge.kmd
2010-10-17 19:43:03 19114088 ----a-w- C:\Windows\System32\nvoglv64.dll
2010-10-17 19:43:02 14092904 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2010-10-17 19:42:59 9818728 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2010-10-17 19:42:59 2892904 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2010-10-17 19:42:58 3089512 ----a-w- C:\Windows\System32\nvcuvid.dll
2010-10-17 19:42:58 2761832 ----a-w- C:\Windows\System32\nvcuvenc.dll
2010-10-17 19:42:56 6116968 ----a-w- C:\Windows\System32\nvcuda.dll
2010-10-17 19:42:56 4553832 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2010-10-17 19:42:56 2506344 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2010-10-17 19:42:56 10267240 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2010-10-17 19:42:52 260712 ----a-w- C:\Windows\System32\nvcod1922.dll
2010-10-17 19:42:52 260712 ----a-w- C:\Windows\System32\nvcod.dll
2010-10-17 19:42:52 14513768 ----a-w- C:\Windows\System32\nvcompiler.dll
2010-10-13 04:49:24 408064 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-13 04:49:24 1915904 ----a-w- C:\Windows\System32\ole32.dll
2010-10-13 04:49:24 1316864 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-13 04:49:23 339968 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-13 04:49:14 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-13 04:49:14 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-10-13 04:48:50 316928 ----a-w- C:\Windows\System32\msshsq.dll
2010-10-13 04:48:50 231424 ----a-w- C:\Windows\SysWow64\msshsq.dll
2010-10-13 04:48:41 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-13 04:48:41 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-13 04:48:36 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-13 04:48:35 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-13 04:48:31 2753024 ----a-w- C:\Windows\System32\win32k.sys
2010-10-13 04:47:47 171008 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-13 04:47:46 168960 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-13 04:47:43 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-10-13 04:47:43 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-10-13 04:46:39 343040 ----a-w- C:\Windows\System32\schannel.dll
2010-10-13 04:46:39 274944 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-13 04:46:23 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-13 04:46:22 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-13 04:46:22 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-13 04:46:21 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-13 04:46:21 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-10-13 04:46:20 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-13 04:46:20 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-10-13 04:46:20 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-10-13 04:44:56 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-13 04:44:56 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2010-10-10 17:51:23 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-10 17:51:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-10-10 01:46:09 -------- d-----w- C:\Users\Jordan\AppData\Roaming\Outlook
2010-10-10 01:31:50 -------- d-----w- C:\Users\Jordan\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2010-10-10 01:27:31 -------- d-----w- C:\Users\Jordan\AppData\Roaming\HTC
2010-10-10 01:26:31 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2010-10-10 01:00:42 -------- d-----w- C:\Users\Jordan\AppData\Roaming\Verizon Wireless
2010-10-10 00:58:51 -------- d-----w- C:\PROGRA~3\WEngineLite
2010-10-10 00:58:50 -------- d-----w- C:\PROGRA~3\Verizon Wireless
2010-10-10 00:58:45 -------- d-----w- C:\Program Files (x86)\Verizon Wireless
2010-10-10 00:57:44 121800 ----a-w- C:\Windows\System32\drivers\HtcVComV64.sys
2010-10-10 00:57:44 121800 ----a-w- C:\Windows\System32\drivers\HtcUsbMdmV64.sys
2010-10-10 00:57:41 -------- d-----w- C:\Program Files (x86)\HTC
2010-09-29 14:07:02 -------- d-----w- C:\Users\Jordan\AppData\Roaming\WindSolutions
2010-09-29 14:07:02 -------- d-----w- C:\PROGRA~3\WindSolutions
2010-09-29 07:13:24 -------- d-----w- C:\Users\Jordan\AppData\Local\Downloaded Installations
2010-09-29 05:01:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-29 05:01:16 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-22 22:10:52 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 22:10:52 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

==================== Find3M ====================

2010-10-19 00:59:48 17408 ----a-w- C:\Windows\System32\rpcnetp.exe
2010-10-19 00:59:43 57752 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2010-09-08 19:23:12 1032192 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 17:50:13 485376 ----a-w- C:\Windows\System32\html.iec
2010-09-08 17:23:42 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2010-09-08 17:07:35 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 16:43:11 86528 ----a-w- C:\Windows\System32\ieencode.dll
2010-09-08 15:23:27 389632 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-03 03:17:05 57752 ------w- C:\Windows\SysWow64\rpcnet.exe
2010-09-03 03:14:16 17408 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2010-09-03 03:12:31 17408 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2010-08-24 18:57:38 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2010-08-24 18:57:38 94736 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2010-08-24 18:57:38 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2010-08-24 18:57:38 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2010-08-24 18:57:38 529000 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2010-08-24 18:57:38 441072 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2010-08-24 18:57:38 283232 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2010-08-24 18:57:38 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2010-08-24 18:57:38 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2010-08-17 14:54:20 273920 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-10 09:15:58 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-08-10 09:15:58 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-07-27 22:55:50 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2010-07-27 22:44:10 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2010-07-27 22:44:10 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll

============= FINISH: 21:53:30.46 ===============
 
Welcome to TechSpot! I'll help with the malware, but first you need to remove some of the security.

I notice that you are running 3 antivirus programs: McAfee, Symantec and Avast. This actually makes the system more vulnerable, not less. Decide which you want to keep and remove the other 2. Here are tools to help with the removals:

Please reboot the computer after you have finished the above.
=========================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
==================================
Follow with the download of ComboFix from Here and save to your Desktop.

  [1]. Do NOT rename Combofix unless instructed.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Close any open browsers.
  [4]. Double click combofix.exe & follow the prompts to run.
  NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  [5]. If Combofix asks you to install Recovery Console, please allow it.
  [6]. If Combofix asks you to update the program, always allow.
  Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.

Note: It is not necessary to put the logs in a quote box. This will allow you a bit more space.
We'll see what's running after these scans. I would like to mention, though, that you are running an enormous number of processes! I see many that don't need to run unless you are actively using it, such as the camera. If these all start on boot, they will run in the background and eventually, the system will slow down.

One last note: Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Hey, thanks a lot for helping me with this, I appreciate it. I have uninstalled McAfee and Norton. I cannot, however, get my computer to consistently login correctly (I get a black screen but can see the cursor). Is it ok if I do the next steps in safe mode with networking? That seems to work consistently for me.
 
Ok, so I figured a workaround - had to disable my antivirus at startup because explorer.exe is infected and is being prevented from starting.

ESET Log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cad4736de48f9a4bab2523c762edd132
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-19 03:35:37
# local_time=2010-10-19 11:35:37 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 56 34873502 124101162 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=5190
# found=0
# cleaned=0
# scan_time=80
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cad4736de48f9a4bab2523c762edd132
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-19 09:02:21
# local_time=2010-10-19 05:02:21 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 56 34885034 124112694 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=245000
# found=3
# cleaned=0
# scan_time=8152
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EB trojan 00000000000000000000000000000000 I
C:\Windows\System32\wininit.exe Win32/Bamital.EC trojan 00000000000000000000000000000000 I
C:\Windows\SysWOW64\wininit.exe Win32/Bamital.EC trojan 00000000000000000000000000000000 I


I couldn't get ComboFix to work as it said it was for XP only.
 
Combofix works on Windows XP, Vista and Windows 7. But it does not work on 64 bit. But since GMER also doesn't run on 64 bit and it ran, then you should be able to run Combofix.

Run the following first, then try Combofix again.

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes	
    :Files  
    C:\Users\Public\Documents\Server\hlp.dat 
    C:\Windows\System32\wininit.exe 
    C:\Windows\SysWOW64\wininit.exe 
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
 
All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Users\Public\Documents\Server\hlp.dat moved successfully.
C:\Windows\System32\wininit.exe moved successfully.
File/Folder C:\Windows\SysWOW64\wininit.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jordan
->Temp folder emptied: 29073683 bytes
->Temporary Internet Files folder emptied: 372639 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42460581 bytes
->Flash cache emptied: 6090 bytes

User: jsf333
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: RA Media Server
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1144069 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32969 bytes
RecycleBin emptied: 150073919 bytes

Total Files Cleaned = 213.00 mb


OTM by OldTimer - Version 3.1.16.1 log created on 10192010_213249

Files moved on Reboot...
C:\Users\Jordan\AppData\Local\Mozilla\Firefox\Profiles\n9finixu.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Jordan\AppData\Local\Mozilla\Firefox\Profiles\n9finixu.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Jordan\AppData\Local\Mozilla\Firefox\Profiles\n9finixu.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Jordan\AppData\Local\Mozilla\Firefox\Profiles\n9finixu.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Jordan\AppData\Local\Mozilla\Firefox\Profiles\n9finixu.default\urlclassifier3.sqlite moved successfully.
File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...



Still getting the same message from ComboFix.

It says: Error - Win32 only

Incompatible OS. ComboFix only works for workstations with Windows 2000 and XP. Then it says it again in like 8 languages.
 
Not sure what's going on.
Windows Vista 64 bit : What is SysWOW64 ?

WoW64 stands for "Windows on 64-bit Windows", and it contains all the 32-bit binary files required for compatibility, which run on top of the 64 bit Windows.

WOW64 knows that the Setup wizard is a 32-bit application running within an emulator. It also knows that 64- and 32-bit code cannot be mixed. As such, the WOW64 emulator aliases an alias to the \Windows\SysWOW64 folder. This means that any time a 32-bit application needs to read or write anything to or from the \Windows\System32 folder, the WOW64 emulator transparently redirects the request to the \Windows\SysWOW64 folder.

It looks like a double copy of everything in System32 (which despite the directory name, are actually 64-bit binaries). How do you have the operating system set up? Was it 64 bit when you got it? Or 32bit?
Here is a good example of the conflict: Both of these came up infected in the Eset scan:
C:\Windows\System32\wininit.exe
C:\Windows\SysWOW64\wininit.exe


If you are running 32 bit Windows then finding this SysWoW64 directory is strange. One of the Errors showing is: 10/18/2010 8:58:40 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

And there are numerous other Errors caused by incompatibility with the system.

Somehow you managed to run GMER in 32bit because it won't run in 64bit- you'd get a similar error message as what you're getting with Combofix if you did.

Can you give me some insight as to how the OS is loaded with the 32 and 64 bit, with some program not working? In the meantime, I'm going to ask someone to take a look here and see if he can offer us more guidance.
===============================
I think you can run a 32 bit application, if you modify the env PATH variable and put SysWOW64 before system32.
If he says this is okay, I'll have you do it and then run Combofix; not yet though.
1. Start %windir%\SysWoW64\cmd.exe
2. set PATH=%systemroot%\SysWOW64;%PATH%
3. Run the application.
4. After application has completed, reset PATH variable if required.
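
The redirection described in the post above, as an added example that is not part of the original thread: a small Python model of the WOW64 file system redirector, replayed against the two wininit.exe paths from the OTM log. The function names are hypothetical, the list of exempt System32 subdirectories follows Microsoft's File System Redirector documentation, and treating the move tool as a 32-bit process is an assumption.

```python
import ntpath

WINDIR = r"C:\Windows"
# System32 subdirectories that WOW64 leaves alone for 32-bit processes
# (from Microsoft's File System Redirector documentation).
EXEMPT_SUBDIRS = ("catroot", "catroot2", r"drivers\etc", "logfiles", "spool")


def _below(path, base):
    """Return the part of path below base (case-insensitive), else None."""
    p, b = ntpath.normpath(path), ntpath.normpath(base)
    if p.lower() == b.lower():
        return ""
    if p.lower().startswith(b.lower() + "\\"):
        return p[len(b) + 1:]
    return None


def resolve(path, process_bits, windir=WINDIR):
    """Map the path a process asks for to the path it really opens."""
    path = ntpath.normpath(path)
    if process_bits == 64:
        return path  # native processes are never redirected

    # Sysnative is a virtual alias that lets 32-bit code reach real System32.
    rest = _below(path, ntpath.join(windir, "Sysnative"))
    if rest is not None:
        return ntpath.normpath(ntpath.join(windir, "System32", rest))

    # Everything else under System32 is silently served from SysWOW64.
    rest = _below(path, ntpath.join(windir, "System32"))
    if rest is not None:
        low = rest.lower()
        if any(low == e or low.startswith(e + "\\") for e in EXEMPT_SUBDIRS):
            return path
        return ntpath.normpath(ntpath.join(windir, "SysWOW64", rest))
    return path


def simulate_moves(on_disk, requested, process_bits):
    """Replay a list of move requests; return (log, files still on disk)."""
    disk = {p.lower(): p for p in on_disk}
    log = []
    for req in requested:
        real = resolve(req, process_bits)
        if real.lower() in disk:
            del disk[real.lower()]
            log.append((req, real, "moved"))
        else:
            log.append((req, real, "not found"))
    return log, sorted(disk.values())


# Constructed sample: both copies exist before the tool runs.
SYS32 = r"C:\Windows\System32\wininit.exe"
WOW64 = r"C:\Windows\SysWOW64\wininit.exe"

if __name__ == "__main__":
    for bits in (32, 64):
        log, left = simulate_moves([SYS32, WOW64], [SYS32, WOW64], bits)
        print(f"--- {bits}-bit tool ---")
        for req, real, status in log:
            print(f"{req} -> opens {real}: {status}")
        print("still on disk:", left or "nothing")
```

Run as a 32-bit tool, the model reports the first path as moved and the second as not found, the same pattern as the OTM log, while the native System32 copy is never touched. A scanner or removal tool has to be 64-bit, or address the file through Sysnative, to reach that copy.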
 
I don't think there is anything special about the way my system came set up. I ordered it from Dell installed with 64-bit Windows. I haven't changed anything with regards to the main operating system.

I've had this computer since around mid August of last year, and haven't noticed any issues with compatibility ever, but I do find it strange that there are double copies of everything...
 
The thing is that something in the system is emulating the functions of one system using a different system, so that the second system behaves like (and appears to be) the first system. ...You were able to run GMER, but GMER gives an error to a 64bit system and won't run. Now you want to run another program that also won't run on a 64 bit system, but now the system is being forced into 64 bit and tells you, rightly, that the program isn't compatible.

This is not an either/or situation: it should be both or none.

Are you logging on to the same account for Combofix that you did for GMER? We are trying to get a Command set up to direct to the 32 bit system.
 
With help from jobeard and Microsoft, we came up with this to try and force the system to run the program in 32bit:

Make sure the change to path is done from Admin:

How to Open and Run 32-bit Command Prompt in 64-bit (x64) Windows

The user can type the command-line script at a 32-bit command prompt. The 32-bit command prompt automatically redirects file system calls to the correct 32-bit directory.

To start and open a 32-bit command prompt, follow these steps:
  1. Click Start.
  2. Type %windir%\SysWoW64\cmd.exe in Start Search box.

    (Or alternatively, press Win + R keys (or type Run in Start Search) to open Run dialog, and type %windir%\SysWoW64\cmd.exe.)
  3. Press Enter.


In 32-bit command prompt, the %programfiles% path variable will point to Program Files (x86) folder which stores all 32-bit binaries.

Now run Combofix

I am waiting anxiously to see if this works for you and isn't too complicated. If it does, it will give us a way to run Combofix on the 64bit systems.
 
It doesn't seem to be working - still getting the same message as before. It does seem like an interesting work around, but my Combofix.exe is saved on the desktop - could that be an issue?

Edit: No, moved the combofix.exe to my Program Files (x86) folder, still got the same message.
 
You weren't dealing with the actual location of desktop vs programs, but rather 64bit vs 32bit to run the program.

Try one more thing - before running a scan on Combofix, do a right click> Rename> change combofix.exe to jsfspot.exe then try the scan.

If it still won't work, I see you have installed OTL. Run that instead.
 
Ah, I see. Well it didn't work when I changed the name.

Are there any specific instructions I need to do for OTL?
 
  • Download OTL from either of the links below and save it to your desktop.
    Link 1
    Link 2
  • Double click the OTL icon to run it.
  • The opened console will resemble this:
    OTLv3.1.5.0.gif
  • Set Output at the top to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy the entries in the Codebox below> Paste in the Custom Scan box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    Make sure all other windows are closed and to let it run uninterrupted.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
 
OTL logfile created on: 10/24/2010 7:23:30 PM - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Jordan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 355.67 Gb Free Space | 78.85% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.27 Gb Free Space | 35.97% Space Free | Partition Type: NTFS

Computer Name: JORDAN-PC | User Name: Jordan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jordan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Users\Jordan\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell V305\dldtmsdmon.exe ()
PRC - C:\Program Files (x86)\Dell V305\dldtmon.exe ()
PRC - C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
PRC - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Jordan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (dldt_device) -- C:\Windows\SysNative\dldtcoms.exe ( )
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TVersityMediaServer) -- C:\Users\Jordan\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (dsl-fs-sync) -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe (SingleClick Systems)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (Pharos Systems ComTaskMaster) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
SRV - (dldt_device) -- C:\Windows\SysWow64\dldtcoms.exe ( )
SRV - (Apache2.2) -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (dsl-db) -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (HtcVCom32) -- C:\Windows\SysNative\DRIVERS\HtcVComV64.sys (QUALCOMM Incorporated)
DRV:64bit: - (HtcUsbMdmV64) -- C:\Windows\SysNative\DRIVERS\HtcUsbMdmV64.sys (QUALCOMM Incorporated)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (OA001Vid) -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (OA001Ufd) -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (FACAP) -- C:\Windows\SysNative\DRIVERS\facap.sys (Sensible Vision )
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (SMSIVZAM5X64) -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys (Smith Micro Inc.)
DRV - (Packet) -- C:\Windows\SysWOW64\drivers\packet.sys (SingleClick Systems)
DRV - (ASPI32) -- C:\Windows\SysWow64\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.sportsbusinessjournal.com/index.cfm?"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/21 00:52:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/21 00:52:22 | 000,000,000 | ---D | M]

[2009/08/01 16:29:34 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Mozilla\Extensions
[2010/10/23 22:40:26 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\n9finixu.default\extensions
[2010/05/22 12:54:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\n9finixu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/10 13:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\n9finixu.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/05/22 12:55:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\n9finixu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/06 21:07:47 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\n9finixu.default\extensions\vshare@toolbar
[2010/10/23 22:40:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/10 13:51:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/18 09:49:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2007/11/09 16:10:22 | 000,079,440 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\CgpCore.dll
[2007/11/09 16:10:24 | 000,075,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\confmgr.dll
[2007/11/09 16:10:50 | 000,034,384 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\logging.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/11/09 16:11:08 | 000,333,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
[2007/11/09 16:11:38 | 000,030,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\TcpPServ.dll
[2009/12/19 01:39:01 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [dldtamon] C:\Program Files (x86)\Dell V305\dldtamon.exe ()
O4:64bit: - HKLM..\Run: [dldtmon.exe] C:\Program Files (x86)\Dell V305\dldtmon.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\system32\AmbRunE.DLL File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL LLC)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 [2010/09/26 20:31:37 | 000,000,000 | ---D | M]
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{12f84631-a917-11de-851f-002556d8d8b4}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{38fb6d56-0ab5-11df-bd78-002556d8d8b4}\Shell - "" = AutoRun
O33 - MountPoints2\{38fb6d56-0ab5-11df-bd78-002556d8d8b4}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{a45403fc-d1e7-11df-891b-002556d8d8b4}\Shell - "" = AutoRun
O33 - MountPoints2\{a45403fc-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe -- File not found
O33 - MountPoints2\{a4540498-d1e7-11df-891b-002556d8d8b4}\Shell - "" = AutoRun
O33 - MountPoints2\{a4540498-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe -- File not found
O33 - MountPoints2\{a45404df-d1e7-11df-891b-002556d8d8b4}\Shell - "" = AutoRun
O33 - MountPoints2\{a45404df-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe -- File not found
O33 - MountPoints2\{a45404fd-d1e7-11df-891b-002556d8d8b4}\Shell - "" = AutoRun
O33 - MountPoints2\{a45404fd-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe -- File not found
O33 - MountPoints2\{b00fa462-7ec1-11de-b1fd-002556d8d8b4}\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/10/22 19:49:07 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/10/21 22:50:37 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\Apple
[2010/10/19 21:32:49 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/10/19 21:32:13 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Jordan\Desktop\OTM.exe
[2010/10/19 11:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/10/19 10:47:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/19 10:45:44 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Users\Jordan\Desktop\Norton_Removal_Tool.exe
[2010/10/19 10:40:20 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\Apple Computer
[2010/10/18 22:18:16 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\Adobe
[2010/10/18 20:20:59 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jordan\Desktop\TFC.exe
[2010/10/18 09:53:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/18 09:51:17 | 000,641,473 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Jordan\Desktop\JavaRa.exe
[2010/10/18 09:41:36 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\AIM
[2010/10/18 09:41:32 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\AOL
[2010/10/18 09:28:25 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jordan\Desktop\OTL.exe
[2010/10/18 09:27:39 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jordan\Desktop\TDSSKiller.exe
[2010/10/18 03:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/18 03:31:43 | 090,378,880 | ---- | C] (Norman ASA) -- C:\Users\Jordan\Desktop\Norman_Malware_Cleaner.exe
[2010/10/18 03:31:03 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Jordan\Desktop\SUPERAntiSpyware.exe
[2010/10/18 02:55:38 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\Malwarebytes
[2010/10/18 02:55:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/18 02:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/18 02:55:15 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/18 02:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/18 01:48:14 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/10/18 01:48:14 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/10/18 01:48:14 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/10/18 01:48:13 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/10/18 01:48:12 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/10/18 01:47:30 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/10/18 01:47:25 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/10/18 01:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/10/18 01:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/17 15:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/10/17 15:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/10/17 15:43:05 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/10/17 15:43:05 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/10/15 20:40:45 | 001,187,896 | ---- | C] (Piriform Ltd) -- C:\Users\Jordan\Desktop\ccsetup236.exe
[2010/10/10 13:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/10 13:51:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/09 21:46:09 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\Outlook
[2010/10/09 21:46:04 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\My Photos
[2010/10/09 21:46:04 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\My Documents
[2010/10/09 21:31:50 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010/10/09 21:27:31 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\HTC
[2010/10/09 21:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2010/10/09 21:00:42 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\Verizon Wireless
[2010/10/09 20:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WEngineLite
[2010/10/09 20:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon Wireless
[2010/10/09 20:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon Wireless
[2010/10/09 20:57:44 | 000,121,800 | ---- | C] (QUALCOMM Incorporated) -- C:\Windows\SysNative\drivers\HtcVComV64.sys
[2010/10/09 20:57:44 | 000,121,800 | ---- | C] (QUALCOMM Incorporated) -- C:\Windows\SysNative\drivers\HtcUsbMdmV64.sys
[2010/10/09 20:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2010/10/02 01:18:17 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/29 10:07:02 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\WindSolutions
[2010/09/29 10:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2010/09/29 03:13:24 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Local\Downloaded Installations
[2010/09/29 03:13:10 | 005,790,273 | ---- | C] (KennettNet Software Ltd ) -- C:\Users\Jordan\Desktop\musicrescuesetup.exe
[2010/09/26 20:30:42 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Desktop\7
[2010/09/19 19:23:19 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\_NYU Sophomore
[2010/09/11 00:10:54 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Desktop\img
[2010/09/10 21:41:37 | 000,000,000 | ---D | C] -- C:\Users\Jordan\Documents\StarCraft II
[2010/09/10 21:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2010/09/10 21:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/09/10 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Jordan\AppData\Roaming\FileOpen
[2010/09/10 16:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2010/09/06 12:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/06 12:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/06 12:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/06 12:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/09/06 12:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/09/02 23:17:30 | 000,057,752 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2010/09/02 23:17:30 | 000,057,752 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/08/25 17:36:26 | 000,014,336 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\instac64.exe
[2009/08/30 14:50:58 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtinpa.dll
[2009/08/30 14:50:58 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtiesc.dll
[2009/08/30 14:50:57 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtpmui.dll
[2009/08/30 14:50:54 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtusb1.dll
[2009/08/30 14:50:53 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtserv.dll
[2009/08/30 14:50:52 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtlmpm.dll
[2009/08/30 14:50:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtprox.dll
[2009/08/30 14:50:50 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldthbn3.dll
[2009/08/30 14:50:49 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomc.dll
[2009/08/30 14:50:49 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomm.dll

========== Files - Modified Within 90 Days ==========

[2010/10/24 19:03:36 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/24 19:03:36 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/24 03:03:36 | 000,108,485 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/24 03:03:36 | 000,108,485 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/24 03:03:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/24 03:03:20 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2010/10/23 18:36:13 | 000,012,288 | ---- | M] () -- C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/23 18:05:00 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/23 16:05:14 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/23 16:05:14 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/23 16:05:14 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/22 19:27:21 | 003,883,811 | ---- | M] () -- C:\Users\Jordan\Desktop\ComboFix(2).exe
[2010/10/22 13:33:27 | 003,052,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/22 13:33:23 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2010/10/22 13:32:45 | 4024,811,520 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/22 13:31:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/22 13:20:26 | 000,052,389 | ---- | M] () -- C:\Users\Jordan\Desktop\Alpha Epsilon Pi First Annual Rocking Chair Event.pdf
[2010/10/22 13:20:17 | 000,011,044 | ---- | M] () -- C:\Users\Jordan\Desktop\Alpha Epsilon Pi First Annual Rocking Chair Event.docx
[2010/10/20 08:10:22 | 000,001,356 | ---- | M] () -- C:\Users\Jordan\AppData\Local\d3d9caps.dat
[2010/10/19 21:32:28 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Jordan\Desktop\OTM.exe
[2010/10/19 17:09:08 | 003,880,681 | ---- | M] () -- C:\Program Files (x86)\ComboFix(2).exe
[2010/10/19 17:05:21 | 003,880,681 | ---- | M] () -- C:\Users\Jordan\Desktop\jsfspot.exe
[2010/10/19 14:45:02 | 002,672,312 | ---- | M] () -- C:\Users\Jordan\Desktop\esetsmartinstaller_enu(2).exe
[2010/10/19 11:32:03 | 002,672,312 | ---- | M] () -- C:\Users\Jordan\Desktop\esetsmartinstaller_enu.exe
[2010/10/19 10:45:44 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Users\Jordan\Desktop\Norton_Removal_Tool.exe
[2010/10/19 10:45:36 | 001,373,616 | ---- | M] () -- C:\Users\Jordan\Desktop\MCPR.exe
[2010/10/18 21:52:10 | 000,544,768 | ---- | M] () -- C:\Users\Jordan\Desktop\dds.scr
[2010/10/18 21:18:45 | 000,294,912 | ---- | M] () -- C:\Users\Jordan\Desktop\9k2650k5.exe
[2010/10/18 20:23:22 | 000,080,384 | ---- | M] () -- C:\Users\Jordan\Desktop\MBRCheck.exe
[2010/10/18 20:21:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jordan\Desktop\TFC.exe
[2010/10/18 09:29:26 | 000,075,264 | ---- | M] () -- C:\Users\Jordan\Desktop\SystemLook.exe
[2010/10/18 09:28:26 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jordan\Desktop\OTL.exe
[2010/10/18 03:33:26 | 090,378,880 | ---- | M] (Norman ASA) -- C:\Users\Jordan\Desktop\Norman_Malware_Cleaner.exe
[2010/10/18 03:31:47 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Jordan\Desktop\SUPERAntiSpyware.exe
[2010/10/18 01:48:15 | 000,001,798 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/18 01:48:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/10/15 20:40:53 | 001,187,896 | ---- | M] (Piriform Ltd) -- C:\Users\Jordan\Desktop\ccsetup236.exe
[2010/10/13 02:50:56 | 000,046,080 | ---- | M] () -- C:\Users\Jordan\Desktop\Copy of Queen McPea.xls
[2010/10/10 14:00:07 | 000,000,366 | ---- | M] () -- C:\Users\Jordan\Desktop\Reset_Notification_Icons_List.reg
[2010/10/09 21:44:35 | 000,037,841 | ---- | M] () -- C:\Users\Jordan\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/10/09 21:41:39 | 000,049,435 | ---- | M] () -- C:\Users\Jordan\Desktop\contacts.csv
[2010/10/09 21:27:23 | 000,001,015 | ---- | M] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
[2010/10/05 23:55:03 | 009,910,356 | ---- | M] () -- C:\Users\Jordan\Desktop\90th ann.zip
[2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jordan\Desktop\TDSSKiller.exe
[2010/09/30 21:09:05 | 000,000,732 | ---- | M] () -- C:\Users\Jordan\AppData\Local\d3d9caps64.dat
[2010/09/29 03:13:16 | 005,790,273 | ---- | M] (KennettNet Software Ltd ) -- C:\Users\Jordan\Desktop\musicrescuesetup.exe
[2010/09/29 00:03:32 | 000,059,400 | ---- | M] () -- C:\Users\Jordan\Desktop\test.csv
[2010/09/17 10:55:49 | 000,012,161 | ---- | M] () -- C:\Users\Jordan\Desktop\Copy of Dues Payment Record for JFine.xlsx
[2010/09/16 19:05:35 | 001,270,784 | ---- | M] () -- C:\Users\Jordan\Desktop\Alpha Epsilon Pi - Advanced Rush Presentation.ppt
[2010/09/11 01:53:03 | 000,196,836 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/11 01:22:38 | 000,032,375 | ---- | M] () -- C:\Users\Jordan\Desktop\wtc-before-penttbom.jpg
[2010/09/09 20:50:27 | 000,517,632 | ---- | M] () -- C:\Users\Jordan\Desktop\Jordan_Fine_ST-225.doc
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/09/07 10:52:29 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/09/07 10:52:09 | 000,121,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/09/07 10:47:49 | 000,028,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/09/07 10:47:33 | 000,061,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/09/07 10:47:10 | 000,020,048 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/09/02 23:17:05 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2010/09/02 23:14:16 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/09/02 23:12:31 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/08/09 19:02:06 | 000,641,473 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Jordan\Desktop\JavaRa.exe

========== Files Created - No Company Name ==========

[2010/10/22 19:27:21 | 003,883,811 | ---- | C] () -- C:\Users\Jordan\Desktop\ComboFix(2).exe
[2010/10/22 13:20:17 | 000,011,044 | ---- | C] () -- C:\Users\Jordan\Desktop\Alpha Epsilon Pi First Annual Rocking Chair Event.docx
[2010/10/22 13:19:26 | 000,052,389 | ---- | C] () -- C:\Users\Jordan\Desktop\Alpha Epsilon Pi First Annual Rocking Chair Event.pdf
[2010/10/21 01:01:03 | 000,132,864 | ---- | C] () -- C:\Users\Jordan\Desktop\Tuffy-Regular.ttf
[2010/10/21 01:01:03 | 000,119,744 | ---- | C] () -- C:\Users\Jordan\Desktop\TuffyScript-Regular.ttf
[2010/10/21 01:01:03 | 000,119,168 | ---- | C] () -- C:\Users\Jordan\Desktop\TuffyInfant-Regular.ttf
[2010/10/21 01:01:03 | 000,105,220 | ---- | C] () -- C:\Users\Jordan\Desktop\Tuffy-Bold.ttf
[2010/10/21 01:01:03 | 000,087,864 | ---- | C] () -- C:\Users\Jordan\Desktop\Tuffy-BoldItalic.ttf
[2010/10/21 01:01:03 | 000,087,444 | ---- | C] () -- C:\Users\Jordan\Desktop\Tuffy-Italic.ttf
[2010/10/21 00:48:03 | 000,033,248 | ---- | C] () -- C:\Users\Jordan\Desktop\BPreplayItalics.otf
[2010/10/21 00:48:03 | 000,033,204 | ---- | C] () -- C:\Users\Jordan\Desktop\BPreplayBoldItalics.otf
[2010/10/21 00:48:03 | 000,031,480 | ---- | C] () -- C:\Users\Jordan\Desktop\BPreplayBold.otf
[2010/10/21 00:48:03 | 000,030,672 | ---- | C] () -- C:\Users\Jordan\Desktop\BPreplay.otf
[2010/10/21 00:43:09 | 000,098,584 | ---- | C] () -- C:\Users\Jordan\Desktop\CLEANVEL.TTF
[2010/10/21 00:43:09 | 000,094,916 | ---- | C] () -- C:\Users\Jordan\Desktop\CLEANVEB.TTF
[2010/10/19 17:09:07 | 003,880,681 | ---- | C] () -- C:\Program Files (x86)\ComboFix(2).exe
[2010/10/19 17:04:33 | 003,880,681 | ---- | C] () -- C:\Users\Jordan\Desktop\jsfspot.exe
[2010/10/19 14:45:02 | 002,672,312 | ---- | C] () -- C:\Users\Jordan\Desktop\esetsmartinstaller_enu(2).exe
[2010/10/19 13:33:20 | 4024,811,520 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/19 11:32:02 | 002,672,312 | ---- | C] () -- C:\Users\Jordan\Desktop\esetsmartinstaller_enu.exe
[2010/10/19 10:45:34 | 001,373,616 | ---- | C] () -- C:\Users\Jordan\Desktop\MCPR.exe
[2010/10/18 21:52:10 | 000,544,768 | ---- | C] () -- C:\Users\Jordan\Desktop\dds.scr
[2010/10/18 21:18:42 | 000,294,912 | ---- | C] () -- C:\Users\Jordan\Desktop\9k2650k5.exe
[2010/10/18 20:23:15 | 000,080,384 | ---- | C] () -- C:\Users\Jordan\Desktop\MBRCheck.exe
[2010/10/18 09:29:26 | 000,075,264 | ---- | C] () -- C:\Users\Jordan\Desktop\SystemLook.exe
[2010/10/18 01:48:15 | 000,001,798 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/18 01:48:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/10/18 01:47:42 | 000,440,972 | ---- | C] () -- C:\Users\Jordan\AppData\Local\dd_vcredistMSI1FCA.txt
[2010/10/18 01:47:42 | 000,011,634 | ---- | C] () -- C:\Users\Jordan\AppData\Local\dd_vcredistUI1FCA.txt
[2010/10/17 15:43:05 | 000,012,264 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/10/15 21:38:54 | 000,590,380 | ---- | C] () -- C:\Users\Jordan\AppData\Local\dd_vcredistMSI4513.txt
[2010/10/15 21:38:52 | 000,014,526 | ---- | C] () -- C:\Users\Jordan\AppData\Local\dd_vcredistUI4513.txt
[2010/10/10 15:27:28 | 000,046,080 | ---- | C] () -- C:\Users\Jordan\Desktop\Copy of Queen McPea.xls
[2010/10/10 14:00:06 | 000,000,366 | ---- | C] () -- C:\Users\Jordan\Desktop\Reset_Notification_Icons_List.reg
[2010/10/09 21:44:35 | 000,037,841 | ---- | C] () -- C:\Users\Jordan\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/10/09 21:41:39 | 000,049,435 | ---- | C] () -- C:\Users\Jordan\Desktop\contacts.csv
[2010/10/09 21:27:23 | 000,001,015 | ---- | C] () -- C:\Users\Jordan\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
[2010/10/05 23:54:53 | 009,910,356 | ---- | C] () -- C:\Users\Jordan\Desktop\90th ann.zip
[2010/09/30 21:09:05 | 000,000,732 | ---- | C] () -- C:\Users\Jordan\AppData\Local\d3d9caps64.dat
[2010/09/29 00:03:26 | 000,059,400 | ---- | C] () -- C:\Users\Jordan\Desktop\test.csv
[2010/09/16 19:52:31 | 000,012,161 | ---- | C] () -- C:\Users\Jordan\Desktop\Copy of Dues Payment Record for JFine.xlsx
[2010/09/16 19:05:32 | 001,270,784 | ---- | C] () -- C:\Users\Jordan\Desktop\Alpha Epsilon Pi - Advanced Rush Presentation.ppt
[2010/09/11 01:22:38 | 000,032,375 | ---- | C] () -- C:\Users\Jordan\Desktop\wtc-before-penttbom.jpg
[2010/09/09 20:50:25 | 000,517,632 | ---- | C] () -- C:\Users\Jordan\Desktop\Jordan_Fine_ST-225.doc
[2010/09/02 23:14:16 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/09/02 23:12:31 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/09/02 23:12:31 | 000,017,408 | ---- | C] () -- C:\Windows\SysNative\rpcnetp.exe
[2009/12/20 01:19:41 | 000,001,356 | ---- | C] () -- C:\Users\Jordan\AppData\Local\d3d9caps.dat
[2009/12/16 18:34:56 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009/12/03 23:04:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 23:04:29 | 000,001,632 | ---- | C] () -- C:\Windows\SysWow64\l86tniuw.dll
[2009/12/03 23:03:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/17 13:38:37 | 000,000,037 | ---- | C] () -- C:\Windows\wmvtoiPodconverter.ini
[2009/09/29 02:23:46 | 000,322,538 | ---- | C] () -- C:\Users\Jordan\AppData\Local\dd_vcredistMSI0853.txt
[2009/09/29 02:23:46 | 000,012,458 | ---- | C] () -- C:\Users\Jordan\AppData\Local\dd_vcredistUI0853.txt
[2009/09/27 00:52:26 | 000,000,048 | ---- | C] () -- C:\Windows\iltwain.ini
[2009/09/24 02:23:13 | 000,000,000 | ---- | C] () -- C:\Users\Jordan\AppData\Roaming\wklnhst.dat
[2009/08/30 20:18:12 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/30 14:50:59 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\DLDTinst.dll
[2009/08/30 14:50:58 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\dldtcomx.dll
[2009/08/30 14:50:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldtjswr.dll
[2009/08/30 14:50:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldtinsr.dll
[2009/08/30 14:50:57 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\dldtutil.dll
[2009/08/30 14:50:57 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldtcur.dll
[2009/08/30 14:50:56 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\dldtinsb.dll
[2009/08/30 14:50:56 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldtins.dll
[2009/08/30 14:50:54 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldtcub.dll
[2009/08/30 14:50:54 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldtcu.dll
[2009/08/09 18:33:59 | 000,012,288 | ---- | C] () -- C:\Users\Jordan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/01 17:08:24 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/07/28 22:13:17 | 000,001,438 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
[2009/07/28 22:13:17 | 000,001,379 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2009/07/28 22:13:01 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/07/28 22:13:01 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/28 21:34:47 | 000,108,485 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/28 21:33:13 | 000,108,485 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/15 12:45:34 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\dldtdrs.dll
[2009/05/14 13:57:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dldtcaps.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/22 02:05:12 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\dldtcfg.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/11/13 19:13:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\dldtcnv4.dll

========== LOP Check ==========

[2009/08/02 23:16:57 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\acccore
[2010/02/24 21:52:37 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Astroburn Lite
[2010/01/19 15:19:43 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/24 21:27:49 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\DAEMON Tools Lite
[2009/12/16 03:18:10 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\DonationCoder
[2009/12/27 22:54:49 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\EA
[2010/09/10 16:57:23 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\FileOpen
[2010/10/06 00:22:09 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\FileZilla
[2009/12/18 22:59:03 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\FreeFLVConverter
[2010/10/09 21:27:46 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\HTC
[2010/10/09 21:31:50 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010/04/24 12:03:18 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\ICAClient
[2009/12/04 02:22:37 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/12/16 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Moyea
[2009/09/21 19:07:32 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Opera
[2010/10/09 21:46:09 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Outlook
[2009/10/08 19:41:41 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\StealthBot
[2010/03/09 21:24:35 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\StreamTorrent
[2009/08/09 21:11:06 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\TeamViewer
[2010/04/03 19:54:18 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Template
[2010/10/15 20:08:53 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\WindSolutions
[2010/01/28 18:07:21 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Xerox
[2009/10/18 02:12:51 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Xilisoft Corporation
[2010/10/23 18:05:00 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/10/22 13:31:56 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/24 23:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009/04/24 23:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS >
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys


< MD5 for: SCECLI.DLL >
[2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 22:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Jordan\Desktop\video.mp4:TOC.WMV
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:456A69E6

< End of report >
 
OTL Extras logfile created on: 10/18/2010 9:29:02 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Jordan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 358.95 Gb Free Space | 79.58% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.27 Gb Free Space | 35.97% Space Free | Partition Type: NTFS

Computer Name: JORDAN-PC | User Name: Jordan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\Jordan\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\Jordan\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 00 96 B3 99 FC 76 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002138F4-2ED1-4109-AA0F-F020E3376A2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{05827987-8B39-4F64-B421-228C37E9809A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{074036D0-922C-4613-9073-4AF1FB8193A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B9833A4-F2E5-4195-BB09-A829CC1D076D}" = rport=445 | protocol=6 | dir=out | app=system |
"{1408711E-9C56-4307-824F-D5D526A2EAB6}" = rport=137 | protocol=17 | dir=out | app=system |
"{23D6EEA0-83FE-4B58-A023-97E3C0E78CC1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24B42DF4-A533-44AC-AFF5-B210F5F50573}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3462D771-BBE1-490B-AF5A-5B96E910CCA4}" = rport=10244 | protocol=6 | dir=out | app=system |
"{36F9DD7D-3822-4315-9E59-E261D83F699E}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{3C9EED42-6D29-44C3-B8C1-ABDA3B0A5476}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47E54B66-89FC-479A-B3A2-2B531616967F}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{538CC0A4-DE4C-4075-9A97-E048958EC4DB}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{58566F7D-673E-4E9C-8AA0-9797B7FB10D8}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{5976F0A1-B183-4BAC-B3B7-EDD31F3C8B87}" = rport=139 | protocol=6 | dir=out | app=system |
"{5A00307B-5956-435A-8E3B-BD28E21CDD92}" = lport=139 | protocol=6 | dir=in | app=system |
"{657DFAB9-93F8-414E-84BF-6114501811BC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BCA0F46-0F90-4420-95D4-491AB1DA5F1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E6A17AD-A2E6-4F6A-8C09-C39F01A6B81C}" = lport=138 | protocol=17 | dir=in | app=system |
"{7E9AA02A-D7A7-4129-9491-094797A8865B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{809306B0-67A1-4FEC-82D8-8DD41379CB54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{809C4791-DD57-4AC0-B90F-9F5928FE9D79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{845A2E8C-FDCA-42D9-8680-EC3B2E3AC138}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86A410AB-C409-40FA-8842-EEBA82A97784}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher |
"{8AD4F7AC-59AC-48A6-B6C3-50B2BCF965BD}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{8B8A7006-7A51-464D-8A6A-F637551B6946}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8EE2B822-789C-46C7-A101-DAD398E0B971}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8EF0D421-983B-4958-93DD-F126A680AEEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8EF4B350-BF35-434C-A8CF-0DBF5C309DA6}" = lport=137 | protocol=17 | dir=in | app=system |
"{8FF0392D-A594-44D3-A3C3-625235199946}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{935C43B6-1F7A-4047-8720-77AE4121CF62}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9367014C-3E0B-4E42-80E0-59AEEB2812E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95A065DA-414D-4BE6-B7FA-A976EF094E07}" = rport=138 | protocol=17 | dir=out | app=system |
"{A5255F21-6915-4AC5-ADE9-72801DF0F23C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AA0C5EDA-9EB5-44F8-954F-CEE60E1B6F2D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{BC6ED3E4-5FC3-45FC-9E5D-322467018C5C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDD03EB2-C82D-4C24-9FB6-C94DACA3326D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BDF30A95-D6C5-4412-BB62-37840EA0ED68}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BDF84798-D64E-471A-AF4B-8FEF61B608E6}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C00CBA9A-38E4-4025-AC17-EB8DC513FC45}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{C01F2F8C-FD92-4ADD-877B-D926202B2AC1}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher |
"{C2F0C580-A202-41CA-BEB5-D1A0274DC32B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4435E7B-85BC-4A01-AF3E-EDF93AC3A54A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8609546-0B8A-46E3-850D-C55A7503F4CD}" = lport=445 | protocol=6 | dir=in | app=system |
"{CD140302-2311-40DD-9911-E58C42EA7CEA}" = rport=10244 | protocol=6 | dir=out | app=system |
"{D0648027-FE65-427A-BC1C-62C0B50C952A}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{D1416FE3-F6A3-43B5-8DAD-CA505DFEE713}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D7E6F0D9-903E-476C-80FF-9B590DF5F15F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E60B6895-BB3E-4872-B6DE-A73FE97011AC}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EE8610C1-2888-4E85-946A-10987CACFA1C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F00C8784-8B3F-404E-B3E3-0DA30A31B3A3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F28E1751-3D91-428F-8E72-BE48888D9BD6}" = lport=3390 | protocol=6 | dir=in | app=system |
"{F55D4715-AA07-4F6A-AF51-4C313D3CDC7D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F86E6340-46BD-4D83-9670-953033FA4949}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FFF61786-C93C-4696-B617-29C338F4B1B8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03495F8F-EBDC-4F34-98E1-CBA0A5D626AA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{06128F03-5676-48FF-AE0E-EF10A2499645}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{079818BB-8B98-4F07-BF40-C7CA4C0B68B9}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{08B6E4FC-9C68-4137-8890-8BBE79F64828}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{08F2ACE4-C38E-492C-9897-B4B3161FD9C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\dldtcoms.exe |
"{09129A24-6C2E-4CA2-9B69-60FC5BBE324D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{09591418-C817-495C-9119-4A2976E083E3}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{0B44F5E5-5B2A-4B1F-852E-092FAE7A815B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0C546867-430C-4758-9BDB-B847F58C3DA3}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{0E6453C1-59FB-4109-8F02-F376BB2724C6}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{0F521A06-2AAF-4DF4-A8FA-39C9D6704CA1}" = protocol=6 | dir=in | app=c:\users\jordan\appdata\local\temp\dldt\wireless\english\dldtwpss.exe |
"{1041C266-DE0C-498D-8C19-DCD9487B870E}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{15D76E1B-BAA6-42DA-8692-B74DA5631129}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{21A425C1-403C-4831-AA8C-BD7C8BABA7A9}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{21E00228-C98F-45A5-9A37-3F5AF791B733}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24D3D6A8-A98D-4D61-B133-042268AC48AD}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{288419E2-AF8D-4FBB-91F4-C0700FFDC4C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{289338CC-E399-4136-BE56-611AEBE549D3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldttime.exe |
"{291D84B1-C9A7-4B58-9892-DBBA33106A05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2977910C-FFFC-4585-99AC-9FF4CF0B084D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{2992FD29-5A25-4620-8F62-952E7F5801EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2DC93722-A2DA-4217-B949-ADFA301275A1}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{3156C0FC-C751-4868-94AD-FF86F6E11507}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{32376BB6-E9EA-4211-BC0C-A66A7D329AE5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
"{33DF5475-76B4-4505-A6E8-3396C13B0FBC}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{355C1828-E920-4822-8B31-499C19136970}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{3644D362-B2F2-4515-B591-0B41353335D7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
"{410B8C67-7854-448B-B27A-8F03F2EFFC65}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{435D1C8B-486B-42A4-8AC9-327037D2C77A}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{4446E8A7-82A6-483A-BDD9-A9D1FF6931CF}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{487BF0F8-8FED-49E7-A218-3F6D6BC43DA6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{4BB6CF00-6F3F-438E-A388-5A1396C13687}" = protocol=6 | dir=out | app=system |
"{4C6713E3-EC09-4A41-AE12-69D8695284F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C6DDFFB-CC35-4DD6-8367-1C72957B5B59}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{4C849F6E-21F8-47AA-8343-CB599FA130EF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4DD25291-925A-4977-8159-B2115CDEC1E7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{4E549EA1-2896-493B-8A70-1F80A78D2B70}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{5077A0C7-4EAC-4B5B-BAF8-4595050DE8E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{517B72CF-097F-4609-9538-674E22F718BC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{53D8276D-571C-4012-9704-23647181777C}" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"{53E0244B-D85C-4A22-B970-3B9C2A16B33F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
"{560F8702-DA4A-404F-BFBA-7B5FA08F8401}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{5A655C02-9958-4681-9063-7E35FE2BEC56}" = protocol=6 | dir=in | app=c:\users\jordan\appdata\local\tversity\media server\mediaserver.exe |
"{5AA047F8-D0ED-495C-96FE-871394EC3EFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67908BC5-4E41-4FD8-BD94-D0C8826B53A9}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{69D5FC37-BFA4-452C-BBDE-6AD7B27EFF58}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{6EF6CA61-038A-4826-9A90-70F91B9F9257}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6F39CACB-58B5-46A0-88C6-93A0D560CBD0}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{70BD93FF-4FE0-40AE-A0D7-C35382AAA51B}" = protocol=17 | dir=in | app=c:\users\jordan\appdata\local\tversity\media server\mediaserver.exe |
"{70E3C8EF-07FF-411A-B3D0-CB5E37A0AA6C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
"{716417C0-4F0B-472C-9EE9-3018342ED7E5}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{7471A8AC-C69B-43F9-9567-20457061308A}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\frun.exe |
"{74D2F64D-28F0-4AEB-885F-F0AF2F75C9A7}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{758F21BA-D520-45CF-A8E3-9FFB7A35F0DF}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{7A2F009A-99EC-46EF-B304-00B05A954B71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D198959-DF78-47A4-8E4D-D77B046E4658}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7F1F9937-6D80-4D81-A34D-4A3EE202B7C4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
"{80070346-7E2A-40D4-B619-0246F603F4A6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{8B69F89F-2CBC-4BB8-9E85-384F03E20EB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F374191-45F1-4818-94FD-199E6E1B0AE4}" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"{912AB418-2631-4E1A-829B-2ED06A445CE6}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{972E8CB4-F3CC-4194-A46F-17E242B70865}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{978CDB82-E662-4D76-A720-C95C2596A51D}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{A336B1D8-22A6-41C6-869E-7AF51A9D3CE6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A5828243-1A65-4574-8A37-234188C0BBB4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
"{A653762A-38EF-4079-BF3E-3634A13BD1B3}" = protocol=17 | dir=in | app=c:\users\jordan\appdata\local\temp\dldt\wireless\english\dldtwpss.exe |
"{A73DC038-91C4-43EF-9305-CF3DC668750F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{A754D3FD-8060-48E4-8D8E-5AA6F7F4100E}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A7A2E58E-1F36-4D16-8759-99645E68583E}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{AB3F7BE9-743F-43B5-993A-E8FD500C858A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AD762A09-8480-4E18-A0DA-462BCA78DE01}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{B016AA85-0961-4741-95D7-E78F1E28685E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B36E1B83-9B75-4C53-9D89-FAD92A44AE0A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
"{B4CF207A-50CB-4183-8BC2-CFB04DBFF5B8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{B7DF1E57-9D62-4DEA-8D69-0EC0F66CB58C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{BB8006F1-46D7-449C-B03F-D833C13798A8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{BC320B34-1BA7-4EC5-B73D-A9A1B5C6E278}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
"{BC3B7D78-2B32-4C53-A6E8-227D7F95F7D9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtjswx.exe |
"{BECE60A9-7FD4-458A-8263-8CB5DC8EA306}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{C026C19D-9C71-4083-BD9A-570FBF2F2F0E}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
"{C3D69AE1-157A-4F41-95BB-98BED0F1E072}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{C82B303F-0F3D-461E-9D32-998D1FF733AB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtjswx.exe |
"{CD99CD01-E1C2-4068-B99E-29C074D9B378}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{CF558BF4-666F-4387-9D78-55E730FD53D5}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtamon.exe |
"{CF9282BC-E927-4762-A16B-AC2F79201660}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtamon.exe |
"{D08E1395-27EB-4475-B080-929A64BE96FD}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{D0B3EE9E-7FF2-4585-AE62-8FBE34195F6E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
"{D3D047D2-539E-4722-BE83-9D1D3EEF7D81}" = protocol=17 | dir=in | app=c:\windows\syswow64\dldtcoms.exe |
"{D4A42FFD-C4DA-4BF4-A8C8-D9FA1CF1BC4E}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\frun.exe |
"{D6B55F73-DA40-48C3-8B05-84691D78AF99}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{D9888D4B-CB9C-4FAD-B38E-AAE02B4EF97C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{DA3F6555-6E44-4E3B-ABC7-9577FB5BCD5A}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{DBFE86A9-E947-406B-8F34-36900591E2F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD6919F7-7A0F-45C9-A2B7-B90F02C28CC0}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{DE1B43E7-2C39-43D5-9881-ECA66DCE2367}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldttime.exe |
"{E13B73A7-B18F-4927-8B2D-C15FDCFD8769}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{E2E53493-0905-4B67-9254-5B67416DEADA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E3F33B2F-B142-425D-9BA2-B0D2163BFF77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E4D14034-5958-4545-BA6D-BA6EB1A4DDD5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{E564D18A-1418-4F9D-A29B-A7FD2414D343}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5B4B287-851A-4164-A15A-1CDFFAE46600}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{E9D52595-5FEC-400D-861A-561D68F90F25}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{EAB48CB8-ADF7-4013-BFEF-A430523FD94C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F12C67F7-C67A-4544-ADD5-1CD65FC76DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{F3C02907-E8B6-4EEE-9B33-853788CFFCA1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3E0406A-D017-4F7C-B713-59BA5F19269B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
"{F575827A-B73D-494C-BE08-3D1E8F1A397D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F65959BD-5D8D-4C73-84DC-C10A5C9237C8}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
"{F920315E-56F4-41BD-BB9A-1A63B9AF48A3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{FA7D3828-6CBD-4BAA-B76A-DBCFC264DCFF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FBF394D2-0B12-4C17-8E8B-820FED1C2631}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FCDF79C8-D313-405B-B1C9-622B67E23AA2}" = dir=in | app=c:\program files (x86)\pharossystems\core\ctskmstr.exe |
"{FDAAFEC4-9833-4974-BC04-28FCDBBA2AC4}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"TCP Query User{4DEECD8E-B16A-4071-9F16-DC132E31E6CA}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{7DE68880-B916-4AB9-AE20-6F7E6A0674BC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{83433211-B507-4F57-AB0D-DBFC8FBF42CB}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{DE445069-4058-4959-8941-364DB05CF8B6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{E0C0909A-19F0-4CEF-8CF5-EE706F4089D5}C:\program files (x86)\dell v305\dldtmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
"TCP Query User{E9EC453D-3795-43D5-AC78-CFAE835F565B}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{ECDD3B46-4537-4EAA-BD9F-031B6E0B3000}C:\windows\system32\spool\drivers\x64\3\dldtpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
"TCP Query User{FD83358C-4DD3-45D5-B8F0-853B0FA9E753}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{1A0D7DD6-0E41-411F-98F1-6817A6BBEB9B}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{50AC9F9F-AE07-4AF6-B2F7-8FFCDF010415}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{52B6C7AC-79F3-49BB-9ABE-A01CCA58F39A}C:\windows\system32\spool\drivers\x64\3\dldtpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
"UDP Query User{57E42E69-5467-49C4-B1D4-FDA09CFC498B}C:\program files (x86)\dell v305\dldtmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
"UDP Query User{82175FC7-750D-4256-B16F-38527E9C724C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{A730CE6F-F443-4751-90FF-4983FAF7C5D7}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{C3601F0E-AF0B-43F0-9297-E94BABF692B7}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{D9947450-04FC-4934-9778-4AB1AB644572}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FF9F3663-0357-4132-AD8C-2BC1397D88AF}" = Symantec Endpoint Protection
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell V305" = Dell V305
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Web Only
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4BF021F7-37A7-4086-B4F1-D5914925D18B}" = VZAccess Manager
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB249302-FB94-4578-84FE-7B856C315779}" = HTC Sync
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Complete Care Consumer Service Agreement
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AIM_7" = AIM 7
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSC" = McAfee SecurityCenter
"Pharos" = Pharos
"PROR" = Microsoft Office Professional 2007
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 440" = Team Fortress 2
"StreamTorrent 1.0" = StreamTorrent 1.0
"Veetle TV" = Veetle TV 0.9.18
"ViewpointMediaPlayer" = Viewpoint Media Player
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"FileZilla Client" = FileZilla Client 3.3.4.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2010 9:54:36 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
Description =

Error - 10/11/2010 9:54:37 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
Description =

Error - 10/11/2010 9:54:37 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
Description =

Error - 10/11/2010 9:54:37 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
Description =

Error - 10/12/2010 12:03:38 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3909, time
stamp 0x4c8fdc89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp
0x49e03824, exception code 0xc0000005, fault offset 0x0001e562, process id 0xd30,
application start time 0x01cb68e2520ff57f.

Error - 10/12/2010 12:40:12 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x1df0, application
start time 0x01cb69af96053cb0.

Error - 10/12/2010 1:40:21 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0xd10, application
start time 0x01cb69c792a80ca4.

Error - 10/12/2010 2:45:30 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0xccc, application
start time 0x01cb69cffa31f42e.

Error - 10/12/2010 10:30:42 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x1b00, application
start time 0x01cb69d914bc4b85.

Error - 10/12/2010 1:31:35 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
Description =

[ Broadcom Wireless LAN Events ]
Error - 9/19/2010 11:39:46 PM | Computer Name = Jordan-PC | Source = WLAN-Tray | ID = 0
Description = 23:39:46, Sun, Sep 19, 10 Error - Unable to get current user admin
status

[ Media Center Events ]
Error - 8/30/2009 8:32:25 PM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 9/12/2009 3:24:38 PM | Computer Name = Jordan-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/17/2009 10:44:00 PM | Computer Name = Jordan-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/1/2009 12:09:14 AM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 12/23/2009 9:59:01 PM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/27/2010 6:34:57 PM | Computer Name = Jordan-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/18/2010 3:17:31 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
Description =

Error - 10/18/2010 3:17:32 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
Description =

Error - 10/18/2010 3:17:36 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
Description =

Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
Description =
 
OTL Extras logfile created on: 10/18/2010 9:29:02 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Jordan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 358.95 Gb Free Space | 79.58% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.27 Gb Free Space | 35.97% Space Free | Partition Type: NTFS

Computer Name: JORDAN-PC | User Name: Jordan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\Jordan\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\Jordan\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 00 96 B3 99 FC 76 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002138F4-2ED1-4109-AA0F-F020E3376A2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{05827987-8B39-4F64-B421-228C37E9809A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{074036D0-922C-4613-9073-4AF1FB8193A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B9833A4-F2E5-4195-BB09-A829CC1D076D}" = rport=445 | protocol=6 | dir=out | app=system |
"{1408711E-9C56-4307-824F-D5D526A2EAB6}" = rport=137 | protocol=17 | dir=out | app=system |
"{23D6EEA0-83FE-4B58-A023-97E3C0E78CC1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24B42DF4-A533-44AC-AFF5-B210F5F50573}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3462D771-BBE1-490B-AF5A-5B96E910CCA4}" = rport=10244 | protocol=6 | dir=out | app=system |
"{36F9DD7D-3822-4315-9E59-E261D83F699E}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{3C9EED42-6D29-44C3-B8C1-ABDA3B0A5476}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47E54B66-89FC-479A-B3A2-2B531616967F}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{538CC0A4-DE4C-4075-9A97-E048958EC4DB}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{58566F7D-673E-4E9C-8AA0-9797B7FB10D8}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{5976F0A1-B183-4BAC-B3B7-EDD31F3C8B87}" = rport=139 | protocol=6 | dir=out | app=system |
"{5A00307B-5956-435A-8E3B-BD28E21CDD92}" = lport=139 | protocol=6 | dir=in | app=system |
"{657DFAB9-93F8-414E-84BF-6114501811BC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BCA0F46-0F90-4420-95D4-491AB1DA5F1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E6A17AD-A2E6-4F6A-8C09-C39F01A6B81C}" = lport=138 | protocol=17 | dir=in | app=system |
"{7E9AA02A-D7A7-4129-9491-094797A8865B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{809306B0-67A1-4FEC-82D8-8DD41379CB54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{809C4791-DD57-4AC0-B90F-9F5928FE9D79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{845A2E8C-FDCA-42D9-8680-EC3B2E3AC138}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86A410AB-C409-40FA-8842-EEBA82A97784}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher |
"{8AD4F7AC-59AC-48A6-B6C3-50B2BCF965BD}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{8B8A7006-7A51-464D-8A6A-F637551B6946}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8EE2B822-789C-46C7-A101-DAD398E0B971}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8EF0D421-983B-4958-93DD-F126A680AEEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8EF4B350-BF35-434C-A8CF-0DBF5C309DA6}" = lport=137 | protocol=17 | dir=in | app=system |
"{8FF0392D-A594-44D3-A3C3-625235199946}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{935C43B6-1F7A-4047-8720-77AE4121CF62}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9367014C-3E0B-4E42-80E0-59AEEB2812E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95A065DA-414D-4BE6-B7FA-A976EF094E07}" = rport=138 | protocol=17 | dir=out | app=system |
"{A5255F21-6915-4AC5-ADE9-72801DF0F23C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AA0C5EDA-9EB5-44F8-954F-CEE60E1B6F2D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{BC6ED3E4-5FC3-45FC-9E5D-322467018C5C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDD03EB2-C82D-4C24-9FB6-C94DACA3326D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BDF30A95-D6C5-4412-BB62-37840EA0ED68}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BDF84798-D64E-471A-AF4B-8FEF61B608E6}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C00CBA9A-38E4-4025-AC17-EB8DC513FC45}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{C01F2F8C-FD92-4ADD-877B-D926202B2AC1}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher |
"{C2F0C580-A202-41CA-BEB5-D1A0274DC32B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4435E7B-85BC-4A01-AF3E-EDF93AC3A54A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8609546-0B8A-46E3-850D-C55A7503F4CD}" = lport=445 | protocol=6 | dir=in | app=system |
"{CD140302-2311-40DD-9911-E58C42EA7CEA}" = rport=10244 | protocol=6 | dir=out | app=system |
"{D0648027-FE65-427A-BC1C-62C0B50C952A}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{D1416FE3-F6A3-43B5-8DAD-CA505DFEE713}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D7E6F0D9-903E-476C-80FF-9B590DF5F15F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E60B6895-BB3E-4872-B6DE-A73FE97011AC}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EE8610C1-2888-4E85-946A-10987CACFA1C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F00C8784-8B3F-404E-B3E3-0DA30A31B3A3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F28E1751-3D91-428F-8E72-BE48888D9BD6}" = lport=3390 | protocol=6 | dir=in | app=system |
"{F55D4715-AA07-4F6A-AF51-4C313D3CDC7D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F86E6340-46BD-4D83-9670-953033FA4949}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FFF61786-C93C-4696-B617-29C338F4B1B8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03495F8F-EBDC-4F34-98E1-CBA0A5D626AA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{06128F03-5676-48FF-AE0E-EF10A2499645}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{079818BB-8B98-4F07-BF40-C7CA4C0B68B9}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{08B6E4FC-9C68-4137-8890-8BBE79F64828}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{08F2ACE4-C38E-492C-9897-B4B3161FD9C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\dldtcoms.exe |
"{09129A24-6C2E-4CA2-9B69-60FC5BBE324D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{09591418-C817-495C-9119-4A2976E083E3}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{0B44F5E5-5B2A-4B1F-852E-092FAE7A815B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0C546867-430C-4758-9BDB-B847F58C3DA3}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{0E6453C1-59FB-4109-8F02-F376BB2724C6}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{0F521A06-2AAF-4DF4-A8FA-39C9D6704CA1}" = protocol=6 | dir=in | app=c:\users\jordan\appdata\local\temp\dldt\wireless\english\dldtwpss.exe |
"{1041C266-DE0C-498D-8C19-DCD9487B870E}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{15D76E1B-BAA6-42DA-8692-B74DA5631129}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{21A425C1-403C-4831-AA8C-BD7C8BABA7A9}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{21E00228-C98F-45A5-9A37-3F5AF791B733}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24D3D6A8-A98D-4D61-B133-042268AC48AD}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{288419E2-AF8D-4FBB-91F4-C0700FFDC4C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{289338CC-E399-4136-BE56-611AEBE549D3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldttime.exe |
"{291D84B1-C9A7-4B58-9892-DBBA33106A05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2977910C-FFFC-4585-99AC-9FF4CF0B084D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{2992FD29-5A25-4620-8F62-952E7F5801EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2DC93722-A2DA-4217-B949-ADFA301275A1}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{3156C0FC-C751-4868-94AD-FF86F6E11507}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{32376BB6-E9EA-4211-BC0C-A66A7D329AE5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
"{33DF5475-76B4-4505-A6E8-3396C13B0FBC}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{355C1828-E920-4822-8B31-499C19136970}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{3644D362-B2F2-4515-B591-0B41353335D7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
"{410B8C67-7854-448B-B27A-8F03F2EFFC65}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{435D1C8B-486B-42A4-8AC9-327037D2C77A}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{4446E8A7-82A6-483A-BDD9-A9D1FF6931CF}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{487BF0F8-8FED-49E7-A218-3F6D6BC43DA6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{4BB6CF00-6F3F-438E-A388-5A1396C13687}" = protocol=6 | dir=out | app=system |
"{4C6713E3-EC09-4A41-AE12-69D8695284F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C6DDFFB-CC35-4DD6-8367-1C72957B5B59}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{4C849F6E-21F8-47AA-8343-CB599FA130EF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4DD25291-925A-4977-8159-B2115CDEC1E7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{4E549EA1-2896-493B-8A70-1F80A78D2B70}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{5077A0C7-4EAC-4B5B-BAF8-4595050DE8E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{517B72CF-097F-4609-9538-674E22F718BC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{53D8276D-571C-4012-9704-23647181777C}" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"{53E0244B-D85C-4A22-B970-3B9C2A16B33F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
"{560F8702-DA4A-404F-BFBA-7B5FA08F8401}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{5A655C02-9958-4681-9063-7E35FE2BEC56}" = protocol=6 | dir=in | app=c:\users\jordan\appdata\local\tversity\media server\mediaserver.exe |
"{5AA047F8-D0ED-495C-96FE-871394EC3EFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67908BC5-4E41-4FD8-BD94-D0C8826B53A9}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{69D5FC37-BFA4-452C-BBDE-6AD7B27EFF58}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{6EF6CA61-038A-4826-9A90-70F91B9F9257}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6F39CACB-58B5-46A0-88C6-93A0D560CBD0}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{70BD93FF-4FE0-40AE-A0D7-C35382AAA51B}" = protocol=17 | dir=in | app=c:\users\jordan\appdata\local\tversity\media server\mediaserver.exe |
"{70E3C8EF-07FF-411A-B3D0-CB5E37A0AA6C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
"{716417C0-4F0B-472C-9EE9-3018342ED7E5}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{7471A8AC-C69B-43F9-9567-20457061308A}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\frun.exe |
"{74D2F64D-28F0-4AEB-885F-F0AF2F75C9A7}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{758F21BA-D520-45CF-A8E3-9FFB7A35F0DF}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{7A2F009A-99EC-46EF-B304-00B05A954B71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D198959-DF78-47A4-8E4D-D77B046E4658}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7F1F9937-6D80-4D81-A34D-4A3EE202B7C4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
"{80070346-7E2A-40D4-B619-0246F603F4A6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{8B69F89F-2CBC-4BB8-9E85-384F03E20EB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F374191-45F1-4818-94FD-199E6E1B0AE4}" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"{912AB418-2631-4E1A-829B-2ED06A445CE6}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{972E8CB4-F3CC-4194-A46F-17E242B70865}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{978CDB82-E662-4D76-A720-C95C2596A51D}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{A336B1D8-22A6-41C6-869E-7AF51A9D3CE6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A5828243-1A65-4574-8A37-234188C0BBB4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
"{A653762A-38EF-4079-BF3E-3634A13BD1B3}" = protocol=17 | dir=in | app=c:\users\jordan\appdata\local\temp\dldt\wireless\english\dldtwpss.exe |
"{A73DC038-91C4-43EF-9305-CF3DC668750F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{A754D3FD-8060-48E4-8D8E-5AA6F7F4100E}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A7A2E58E-1F36-4D16-8759-99645E68583E}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{AB3F7BE9-743F-43B5-993A-E8FD500C858A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AD762A09-8480-4E18-A0DA-462BCA78DE01}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{B016AA85-0961-4741-95D7-E78F1E28685E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B36E1B83-9B75-4C53-9D89-FAD92A44AE0A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
"{B4CF207A-50CB-4183-8BC2-CFB04DBFF5B8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{B7DF1E57-9D62-4DEA-8D69-0EC0F66CB58C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{BB8006F1-46D7-449C-B03F-D833C13798A8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{BC320B34-1BA7-4EC5-B73D-A9A1B5C6E278}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
"{BC3B7D78-2B32-4C53-A6E8-227D7F95F7D9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtjswx.exe |
"{BECE60A9-7FD4-458A-8263-8CB5DC8EA306}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{C026C19D-9C71-4083-BD9A-570FBF2F2F0E}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
"{C3D69AE1-157A-4F41-95BB-98BED0F1E072}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{C82B303F-0F3D-461E-9D32-998D1FF733AB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtjswx.exe |
"{CD99CD01-E1C2-4068-B99E-29C074D9B378}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{CF558BF4-666F-4387-9D78-55E730FD53D5}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtamon.exe |
"{CF9282BC-E927-4762-A16B-AC2F79201660}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtamon.exe |
"{D08E1395-27EB-4475-B080-929A64BE96FD}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{D0B3EE9E-7FF2-4585-AE62-8FBE34195F6E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
"{D3D047D2-539E-4722-BE83-9D1D3EEF7D81}" = protocol=17 | dir=in | app=c:\windows\syswow64\dldtcoms.exe |
"{D4A42FFD-C4DA-4BF4-A8C8-D9FA1CF1BC4E}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\frun.exe |
"{D6B55F73-DA40-48C3-8B05-84691D78AF99}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{D9888D4B-CB9C-4FAD-B38E-AAE02B4EF97C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{DA3F6555-6E44-4E3B-ABC7-9577FB5BCD5A}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{DBFE86A9-E947-406B-8F34-36900591E2F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD6919F7-7A0F-45C9-A2B7-B90F02C28CC0}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{DE1B43E7-2C39-43D5-9881-ECA66DCE2367}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldttime.exe |
"{E13B73A7-B18F-4927-8B2D-C15FDCFD8769}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{E2E53493-0905-4B67-9254-5B67416DEADA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E3F33B2F-B142-425D-9BA2-B0D2163BFF77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E4D14034-5958-4545-BA6D-BA6EB1A4DDD5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{E564D18A-1418-4F9D-A29B-A7FD2414D343}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5B4B287-851A-4164-A15A-1CDFFAE46600}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{E9D52595-5FEC-400D-861A-561D68F90F25}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{EAB48CB8-ADF7-4013-BFEF-A430523FD94C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F12C67F7-C67A-4544-ADD5-1CD65FC76DC2}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{F3C02907-E8B6-4EEE-9B33-853788CFFCA1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3E0406A-D017-4F7C-B713-59BA5F19269B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
"{F575827A-B73D-494C-BE08-3D1E8F1A397D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F65959BD-5D8D-4C73-84DC-C10A5C9237C8}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
"{F920315E-56F4-41BD-BB9A-1A63B9AF48A3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{FA7D3828-6CBD-4BAA-B76A-DBCFC264DCFF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FBF394D2-0B12-4C17-8E8B-820FED1C2631}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FCDF79C8-D313-405B-B1C9-622B67E23AA2}" = dir=in | app=c:\program files (x86)\pharossystems\core\ctskmstr.exe |
"{FDAAFEC4-9833-4974-BC04-28FCDBBA2AC4}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"TCP Query User{4DEECD8E-B16A-4071-9F16-DC132E31E6CA}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{7DE68880-B916-4AB9-AE20-6F7E6A0674BC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{83433211-B507-4F57-AB0D-DBFC8FBF42CB}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{DE445069-4058-4959-8941-364DB05CF8B6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{E0C0909A-19F0-4CEF-8CF5-EE706F4089D5}C:\program files (x86)\dell v305\dldtmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
"TCP Query User{E9EC453D-3795-43D5-AC78-CFAE835F565B}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{ECDD3B46-4537-4EAA-BD9F-031B6E0B3000}C:\windows\system32\spool\drivers\x64\3\dldtpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
"TCP Query User{FD83358C-4DD3-45D5-B8F0-853B0FA9E753}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{1A0D7DD6-0E41-411F-98F1-6817A6BBEB9B}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{50AC9F9F-AE07-4AF6-B2F7-8FFCDF010415}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{52B6C7AC-79F3-49BB-9ABE-A01CCA58F39A}C:\windows\system32\spool\drivers\x64\3\dldtpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
"UDP Query User{57E42E69-5467-49C4-B1D4-FDA09CFC498B}C:\program files (x86)\dell v305\dldtmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
"UDP Query User{82175FC7-750D-4256-B16F-38527E9C724C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{A730CE6F-F443-4751-90FF-4983FAF7C5D7}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{C3601F0E-AF0B-43F0-9297-E94BABF692B7}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{D9947450-04FC-4934-9778-4AB1AB644572}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FF9F3663-0357-4132-AD8C-2BC1397D88AF}" = Symantec Endpoint Protection
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell V305" = Dell V305
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Web Only
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4BF021F7-37A7-4086-B4F1-D5914925D18B}" = VZAccess Manager
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB249302-FB94-4578-84FE-7B856C315779}" = HTC Sync
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Complete Care Consumer Service Agreement
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AIM_7" = AIM 7
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSC" = McAfee SecurityCenter
"Pharos" = Pharos
"PROR" = Microsoft Office Professional 2007
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 440" = Team Fortress 2
"StreamTorrent 1.0" = StreamTorrent 1.0
"Veetle TV" = Veetle TV 0.9.18
"ViewpointMediaPlayer" = Viewpoint Media Player
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"FileZilla Client" = FileZilla Client 3.3.4.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2010 9:54:36 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
Description =

Error - 10/11/2010 9:54:37 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
Description =

Error - 10/11/2010 9:54:37 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
Description =

Error - 10/11/2010 9:54:37 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
Description =

Error - 10/12/2010 12:03:38 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3909, time
stamp 0x4c8fdc89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp
0x49e03824, exception code 0xc0000005, fault offset 0x0001e562, process id 0xd30,
application start time 0x01cb68e2520ff57f.

Error - 10/12/2010 12:40:12 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x1df0, application
start time 0x01cb69af96053cb0.

Error - 10/12/2010 1:40:21 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0xd10, application
start time 0x01cb69c792a80ca4.

Error - 10/12/2010 2:45:30 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0xccc, application
start time 0x01cb69cffa31f42e.

Error - 10/12/2010 10:30:42 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x1b00, application
start time 0x01cb69d914bc4b85.

Error - 10/12/2010 1:31:35 PM | Computer Name = Jordan-PC | Source = Bonjour Service | ID = 100
Description =

[ Broadcom Wireless LAN Events ]
Error - 9/19/2010 11:39:46 PM | Computer Name = Jordan-PC | Source = WLAN-Tray | ID = 0
Description = 23:39:46, Sun, Sep 19, 10 Error - Unable to get current user admin
status

[ Media Center Events ]
Error - 8/30/2009 8:32:25 PM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 9/12/2009 3:24:38 PM | Computer Name = Jordan-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 11/17/2009 10:44:00 PM | Computer Name = Jordan-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/1/2009 12:09:14 AM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 12/23/2009 9:59:01 PM | Computer Name = Jordan-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/27/2010 6:34:57 PM | Computer Name = Jordan-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/18/2010 3:17:31 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
Description =

Error - 10/18/2010 3:17:32 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
Description =

Error - 10/18/2010 3:17:36 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
Description =

Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/18/2010 3:19:05 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/18/2010 3:21:07 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
Description =


< End of report >
 
Hey, sorry to bump but I figure you answer lots of these and some might get lost in the mix. Still having my issue, so I would appreciate any additional help.
 
OTL Custom Scan Fixes
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
    Code:
    :OTL
    "TCP Query User{4DEECD8E-B16A-4071-9F16-DC132E31E6CA}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
    O4 - HKLM..\Run: [FAStartup] File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{12f84631-a917-11de-851f-002556d8d8b4}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
    O33 - MountPoints2\{38fb6d56-0ab5-11df-bd78-002556d8d8b4}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
    O33 - MountPoints2\{a45403fc-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe -- File not found
    O33 - MountPoints2\{a4540498-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe -- File not found
    O33 - MountPoints2\{a45404df-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe -- File not found
    O33 - MountPoints2\{a45404fd-d1e7-11df-891b-002556d8d8b4}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    @Alternate Data Stream - 64 bytes -> C:\Users\Jordan\Desktop\video.mp4:TOC.WMV
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:456A69E6
     
    :Reg
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    helpfile [open] -- Reg Error: Key error.
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    helpfile [open] -- Reg Error: Key error.
    regfile [merge] -- Reg Error: Key error.
    txtfile [edit] -- Reg Error: Key error.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" =-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ViewpointMediaPlayer"
    "StreamTorrent 1.0" 
    :Files
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
============================================
I see processes for multiple AV programs. If you used a removal tool for an AV, then the tool can be deleted after the program is deleted:
Decide which AV you want to keep. Then run the removal tool for the others. Delete the program folder in Windows Explorer> My Computer> Local Drive> Programs:
[2010/10/19 10:45:44 C] (Symantec Corporation) -- C:\Users\Jordan\Desktop\Norton_Removal_Tool.exe
[2010/10/18 09:27:39 C] (Kaspersky Lab ZAO) -- C:\Users\Jordan\Desktop\TDSSKiller.exe
[2010/10/18 09:51:17 |C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Jordan\Desktop\JavaRa.exe
[2010/10/18 01:47:17 | -D | C] -- C:\Program Files\Alwil Software
[2010/10/19 14:45:02 | M] () -- C:\Users\Jordan\Desktop\esetsmartinstaller_enu(2).exe
[2010/10/19 11:32:03 | M] () -- C:\Users\Jordan\Desktop\esetsmartinstaller_enu.exe
[2010/10/19 10:45:44 | M] (Symantec Corporation) -- C:\Users\Jordan\Desktop\Norton_Removal_Tool.exe
[2010/10/18 09:29:26 | M] () -- C:\Users\Jordan\Desktop\SystemLook.exe
[2010/10/04 09:08:00 | M] (Kaspersky Lab ZAO) -- C:\Users\Jordan\Desktop\TDSSKiller.exe
[2010/10/22 19:27:21 | C] () -- C:\Users\Jordan\Desktop\ComboFix(2).exe
[2010/10/19 17:09:07 | C] () -- C:\Program Files (x86)\ComboFix(2).exe
[2010/10/22 19:27:21 | M] () -- C:\Users\Jordan\Desktop\ComboFix(2).exe
[2010/10/19 17:09:08 | M] () -- C:\Program Files (x86)\ComboFix(2).exe
====================================================
Solutions that have worked for the faulting explorer.exe app.faulting explorer.exe module:
Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005
1. For AMD> Disable K8 Cool n Quiet in bios;
2. Intel> Disable any energy saving features in bios.
3. You will find it necessary to disable in the BIOS any hardware based CPU throttling capability, including hardware based energy controls. The desktop clock no longer runs slow.
====================================
The descriptions of all the System Event Errors were missing:
[ System Events ]
Error - 10/18/2010 3:17:31 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
Description = ??????
=======================================
You should also go into the User Accounts in the Control Panel. See if you have 2 Administrators; if you do, reduce the privileges of one or the other.
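An added example, not part of the original posts and not output from OTL or DDS: a small Python parser for event entries in the layout of the log above. It groups entries by source and ID, counts the ones whose Description is empty, and pulls the crash signature out of Application Error 1000 records. The sample text is constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the event entries in the log above.
SAMPLE = """\
Error - 10/12/2010 10:30:42 AM | Computer Name = Jordan-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x1b00, application
start time 0x01cb69d914bc4b85.

[ System Events ]
Error - 10/18/2010 3:17:31 AM | Computer Name = Jordan-PC | Source = DCOM | ID = 10005
Description =

Error - 10/18/2010 3:17:41 AM | Computer Name = Jordan-PC | Source = Service Control Manager | ID = 7001
Description =
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
FAULT = re.compile(
    r"Faulting application (?P<app>\S+?),.*?faulting module (?P<module>\S+?),"
    r".*?exception code (?P<code>0x[0-9a-fA-F]+), fault offset (?P<offset>0x[0-9a-fA-F]+)")

def parse_events(text):
    # One dict per entry; wrapped Description lines are joined into one string.
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HEADER.match(line)):
            cur = dict(m.groupdict(), description="")
            events.append(cur)
        elif not line or line.startswith("["):
            cur = None  # a blank line or "[ section ]" header ends the entry
        elif cur is not None:
            part = re.sub(r"^Description =", "", line)
            cur["description"] = (cur["description"] + " " + part.strip()).strip()
    return events

def summarize(events):
    # Entries per (source, id), entries with no description, and crash signatures.
    counts = Counter((e["source"], e["id"]) for e in events)
    empty = Counter((e["source"], e["id"]) for e in events if not e["description"])
    hits = (FAULT.search(e["description"]) for e in events)
    faults = Counter(m.group("app", "module", "code", "offset") for m in hits if m)
    return counts, empty, faults

print(summarize(parse_events(SAMPLE)))
```

A crash signature that repeats with the same fault offset points at one recurring fault rather than unrelated crashes, and the empty-description count shows which sources need their text looked up by event ID.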
 
Hey so the fix is running but is now not responding and has been stuck at this part for like 11 hours: [HKEY_LOCAL_MACHINE\Classes\<key>\shell\[command]\command]. It ran really quickly until then and has been frozen ever since. I know you said don't interrupt it so I've left it for now.

Sorry for the issue, thanks for your help :)
 