Jump to content

southjoey07

Members
  • Posts

    10
  • Joined

  • Last visited

Everything posted by southjoey07

  1. wow, just ran it and its gone. Thank You!! heres the log. What did the ipconfig commands do? Im a MIS student about to graduate and it seems like im still behind everyone since they started at age 8, and i started learning and becoming interested around freshmen year. Thank you again, Joey G. Malwarebytes' Anti-Malware 1.44 Database version: 3732 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 2/12/2010 11:01:54 PM mbam-log-2010-02-12 (23-01-54).txt Scan type: Quick Scan Objects scanned: 99117 Time elapsed: 3 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  2. Ok...after i run ipconfig /release, it says No operation can be performed on Local Area Connection while it has its media disconected. Does it have something to do with wireless?? Or is that suppose to happen? Thanks
  3. I updated and ran it. Gives me the same result. Heres the log: Malwarebytes' Anti-Malware 1.44 Database version: 3730 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 2/12/2010 12:25:31 PM mbam-log-2010-02-12 (12-25-31).txt Scan type: Quick Scan Objects scanned: 99012 Time elapsed: 3 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49ed5f7e-ff5b-402f-9c3f-0eba312858f0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  4. Everything seems fine...i get no redirect or show any symptoms of the trojan.dnschanger...my pc has crashed twice in the past week. Its just when i run malwarebytes it gives me the same two trojans. i delete and when i reboot and run, its still there. Could it be a false positive?? Thank you Joey G
  5. OTL logfile created on: 2/9/2010 10:35:41 PM - Run 1 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Joey\Downloads Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free 7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288.05 Gb Total Space | 131.61 Gb Free Space | 45.69% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 4.86 Gb Free Space | 48.57% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JOEYGRASICH Current User Name: Joey Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/02/09 22:33:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Downloads\OTL.exe PRC - [2010/01/28 16:09:31 | 002,757,512 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010/01/28 16:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2009/12/31 12:04:47 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2009/12/12 14:22:34 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2009/12/12 14:22:34 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2009/10/15 22:18:05 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2009/10/15 22:18:05 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe PRC - [2009/10/15 22:18:05 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2009/10/15 22:18:04 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/06/10 15:18:10 | 000,785,520 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe PRC - [2008/05/02 23:16:00 | 000,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe PRC - [2006/10/03 10:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2006/08/04 18:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe ========== Modules (SafeList) ========== MOD - [2010/02/09 22:33:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Downloads\OTL.exe MOD - [2009/10/15 22:18:08 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll MOD - [2009/04/11 00:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (stllssvr) SRV - [2010/01/28 16:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010/01/28 16:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010/01/28 16:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2009/10/20 12:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2009/10/15 22:18:05 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2009/10/15 22:18:04 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/03/23 19:40:10 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/02/02 22:15:58 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c985b6226d7051) Google Update Service (gupdate1c985b6226d7051) SRV - [2008/09/10 16:39:48 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/05/02 23:16:00 | 000,118,784 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc) SRV - [2008/01/20 20:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters) SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2006/11/02 06:34:14 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/08/04 18:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService) SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2010/01/28 15:57:55 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010/01/28 15:57:34 | 000,163,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010/01/28 15:54:42 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010/01/28 15:54:27 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010/01/28 15:54:05 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/11/09 19:08:29 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2009/10/20 12:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2009/10/15 22:18:26 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009/10/15 22:18:26 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009/09/28 01:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter) DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/03/27 00:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132) DRV - [2008/04/17 12:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2008/01/26 02:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2008/01/24 11:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/01/20 20:21:35 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/20 20:21:35 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/20 20:21:35 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/20 20:21:34 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/20 20:21:34 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/20 20:21:34 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/20 20:21:33 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/20 20:21:33 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/20 20:21:33 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2008/01/20 20:21:33 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/20 20:21:32 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/20 20:21:32 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/20 20:21:32 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008/01/20 20:21:31 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008/01/20 20:21:31 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008/01/20 20:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008/01/20 20:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008/01/20 20:21:30 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008/01/20 20:21:29 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008/01/20 20:21:29 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008/01/20 20:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008/01/20 20:21:28 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008/01/20 20:21:09 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008/01/20 20:21:09 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008/01/20 20:21:09 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007/03/23 05:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007/03/15 07:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/02 01:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV) DRV - [2006/11/02 00:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv) DRV - [2006/10/18 12:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2006/10/18 12:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2) DRV - [2006/10/18 12:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006/06/19 15:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1070813 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1070813 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.yahoo.com" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/21 11:29:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/30 21:55:58 | 000,000,000 | ---D | M] [2009/05/11 11:09:21 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Mozilla\Extensions [2009/05/11 11:09:21 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org [2010/02/09 12:19:35 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\0p724znd.default\extensions [2010/01/21 11:40:16 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\0p724znd.default\extensions\personas@christopher.beard [2010/02/03 11:49:23 | 000,001,945 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\0p724znd.default\searchplugins\ninjavideo.xml [2010/02/09 12:19:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (no name) - {BA0BACB5-FC95-451E-94D2-4959AB0949D2} - No CLSID value found. O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.) O4 - HKCU..\Run: [Google Update] C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - Startup: C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock) O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.166.105 93.188.161.105 1.2.3.4 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp O24 - Desktop BackupWallPaper: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5e4ad3c8-0f0b-11de-9785-001aa05334d8}\Shell - "" = AutoRun O33 - MountPoints2\{5e4ad3c8-0f0b-11de-9785-001aa05334d8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{bd086250-8c57-11de-a94d-001aa05334d8}\Shell - "" = AutoRun O33 - MountPoints2\{bd086250-8c57-11de-a94d-001aa05334d8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (aswBoot.exe /A:"C:" /L:"1033" /heur:80 /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\Alwil Software\Avast5") - C:\Windows\System32\aswBoot.exe (ALWIL Software) O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/02/09 14:57:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010/02/09 13:24:06 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\New Folder [2010/02/09 01:25:33 | 000,163,280 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys [2010/02/09 01:25:33 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2010/02/09 01:25:33 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys [2010/02/09 01:25:33 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys [2010/02/09 01:25:33 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2010/02/09 01:25:00 | 000,152,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe [2010/02/09 01:25:00 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr [2010/02/09 01:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010/02/09 01:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2010/01/27 19:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010/01/27 19:10:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010/01/27 19:10:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010/01/27 19:10:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010/01/27 11:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage [2010/01/22 11:38:31 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010/01/22 11:38:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010/01/22 11:38:31 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010/01/22 11:38:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010/01/22 11:38:31 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010/01/22 11:38:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010/01/22 11:38:31 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010/01/22 11:38:31 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010/01/22 11:38:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010/01/22 11:38:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010/01/22 11:38:31 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010/01/22 11:38:31 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010/01/22 11:38:31 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010/01/22 11:38:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010/01/20 13:47:02 | 000,000,000 | ---D | C] -- C:\Users\Joey\Documents\Spring10 [2010/01/13 11:28:31 | 000,000,000 | ---D | C] -- C:\a63315bbdd54760ed3cb63da7f14e7 [2010/01/13 11:26:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010/01/13 11:26:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/02/09 22:35:05 | 003,407,872 | -HS- | M] () -- C:\Users\Joey\NTUSER.DAT [2010/02/09 22:27:32 | 055,361,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010/02/09 22:23:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/02/09 21:55:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-448380724-2529988279-146509900-1000UA.job [2010/02/09 20:46:57 | 000,695,540 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/02/09 20:46:57 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/02/09 20:46:57 | 000,105,540 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/02/09 20:44:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/02/09 20:42:08 | 000,005,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/02/09 20:42:08 | 000,005,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/02/09 20:41:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/02/09 20:41:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/02/09 20:41:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/02/09 20:33:12 | 000,524,288 | -HS- | M] () -- C:\Users\Joey\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms [2010/02/09 20:33:12 | 000,065,536 | -HS- | M] () -- C:\Users\Joey\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf [2010/02/09 20:33:08 | 002,720,981 | -H-- | M] () -- C:\Users\Joey\AppData\Local\IconCache.db [2010/02/09 20:09:54 | 308,525,810 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/02/09 20:08:29 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-448380724-2529988279-146509900-1000Core.job [2010/02/09 12:53:52 | 000,011,772 | ---- | M] () -- C:\Users\Joey\Desktop\Exam 1, Focus List for MSIS 4273.docx [2010/02/09 01:25:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2010/01/28 16:09:46 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr [2010/01/28 16:09:26 | 000,152,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe [2010/01/28 15:57:55 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys [2010/01/28 15:57:34 | 000,163,280 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys [2010/01/28 15:54:42 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys [2010/01/28 15:54:27 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2010/01/28 15:54:05 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2010/01/20 00:41:06 | 000,014,273 | ---- | M] () -- C:\Users\Joey\Desktop\18U32.docx [2010/01/20 00:41:03 | 000,013,661 | ---- | M] () -- C:\Users\Joey\Desktop\EEA.docx [2010/01/20 00:41:01 | 000,060,984 | ---- | M] () -- C:\Users\Joey\Desktop\ECPA.docx [2010/01/20 00:40:57 | 000,019,664 | ---- | M] () -- C:\Users\Joey\Desktop\PPA.docx [2010/01/20 00:40:54 | 000,020,811 | ---- | M] () -- C:\Users\Joey\Desktop\CFAA.docx [2010/01/20 00:40:51 | 000,139,061 | ---- | M] () -- C:\Users\Joey\Desktop\ACLUR2.docx [2010/01/20 00:40:35 | 000,060,416 | ---- | M] () -- C:\Users\Joey\Desktop\How courts view cyberspace.doc [2010/01/19 14:04:39 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2010/01/15 12:48:35 | 000,071,168 | ---- | M] () -- C:\Users\Joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/02/09 14:57:28 | 308,525,810 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010/02/09 12:53:52 | 000,011,772 | ---- | C] () -- C:\Users\Joey\Desktop\Exam 1, Focus List for MSIS 4273.docx [2010/01/20 00:41:06 | 000,014,273 | ---- | C] () -- C:\Users\Joey\Desktop\18U32.docx [2010/01/20 00:41:03 | 000,013,661 | ---- | C] () -- C:\Users\Joey\Desktop\EEA.docx [2010/01/20 00:41:01 | 000,060,984 | ---- | C] () -- C:\Users\Joey\Desktop\ECPA.docx [2010/01/20 00:40:57 | 000,019,664 | ---- | C] () -- C:\Users\Joey\Desktop\PPA.docx [2010/01/20 00:40:54 | 000,020,811 | ---- | C] () -- C:\Users\Joey\Desktop\CFAA.docx [2010/01/20 00:40:51 | 000,139,061 | ---- | C] () -- C:\Users\Joey\Desktop\ACLUR2.docx [2010/01/20 00:40:35 | 000,060,416 | ---- | C] () -- C:\Users\Joey\Desktop\How courts view cyberspace.doc [2009/10/20 14:46:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/10/20 12:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2008/08/23 00:38:50 | 000,071,168 | ---- | C] () -- C:\Users\Joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/08/19 16:54:58 | 000,023,888 | ---- | C] () -- C:\Users\Joey\AppData\Roaming\UserTile.png [2008/02/16 10:25:45 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2008/01/20 20:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2007/08/22 17:18:16 | 000,001,004 | ---- | C] () -- C:\Users\Joey\AppData\Roaming\wklnhst.dat [2007/03/19 04:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll [2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll [2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll [2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll [2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll [2007/03/19 04:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll [2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll [2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll [2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll [2007/03/19 04:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll [2007/03/19 04:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll [2006/11/02 06:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005/10/14 03:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll [2005/10/14 03:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2005/10/14 03:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll [2005/10/14 03:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2005/10/14 03:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2005/10/14 03:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll [2005/10/14 03:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0 < End of report > OTL Extras logfile created on: 2/9/2010 10:35:41 PM - Run 1 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Joey\Downloads Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free 7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288.05 Gb Total Space | 131.61 Gb Free Space | 45.69% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 4.86 Gb Free Space | 48.57% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JOEYGRASICH Current User Name: Joey Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .pif [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{32A789B2-4F91-45BF-B45F-C6C95FED4233}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{366C1A20-11FE-4D26-949A-B9ED8970E1AB}" = lport=2869 | protocol=6 | dir=in | app=system | "{463DC133-8A79-4CDE-B663-7289AD18E25D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{629C854A-0EAD-4DD5-AEFF-CDFBD0659266}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{65625DD7-CBBD-4D08-961D-5D285B3A6AD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{91F50326-2EEB-41C8-A92A-46DE1F8C7596}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{9DBF8DE7-F8B5-4CB6-84E1-6E679B4F469A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{AA073821-3F9B-4158-AA7A-A3E1B50DB72C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{ACF17D9E-8C20-4859-87F4-9DE30CF82C0D}" = lport=2869 | protocol=6 | dir=in | app=system | "{B95EF262-4B02-47C8-BE08-60A033FF8A29}" = lport=10243 | protocol=6 | dir=in | app=system | "{BD7953F1-37C6-476D-ACA1-D0C952C629B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{CD438783-6376-41D6-88EC-1950BB97BDA9}" = rport=10243 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12EE3708-5E67-4760-AB49-70674A5A8F97}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | "{19C63B78-5258-4E03-9DA3-E262608A59BA}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{1E06BD30-9C1B-4566-82A5-BCE605974CDD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{40AB4542-F073-43EA-8A13-8939343718E4}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | "{68C1E170-AC69-40F4-8E2E-6C3F7BB41875}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7154234F-0B65-4F19-BE95-5995D97A3A8D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{7161CE48-D4B7-46C7-970A-604124127103}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | "{71EA2C22-0BDF-45F0-81BC-504BD53775C2}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{727F7A2E-8A55-48C8-965D-9B6077E6250D}" = protocol=6 | dir=out | app=system | "{7DAD15FE-B819-4280-BD0D-2316A5D86B41}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | "{7DD06F26-5942-47F3-ACED-F936865239EE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{866900D3-99BC-4675-A5FC-7D49A47BBA46}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{892F8755-7A75-43E6-85D4-33A493134787}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8E87DB78-6BBD-45E1-9EE1-29AB69653F4E}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | "{9CF5EB62-8682-4D7E-B5A7-960C4B2B6419}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{A9938245-9063-46B7-8842-B791BFCD10FC}" = protocol=6 | dir=out | app=system | "{C3DE8022-F8F1-4729-936E-B068A30A7626}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | "{D4582FC6-7CE3-44F5-A762-116BFF83C2FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E14BAB7E-3C09-4F9C-B6E7-F701F2BBB671}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{ECA4F491-2607-468E-97FD-0DB5F9AE3C09}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{F2F16F42-A822-44A7-AAE9-703DA43497C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F38B788F-2264-48B2-8D70-B03D1AE9E60D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{F91C60D4-E958-4614-AA94-3E94F2062FE6}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "TCP Query User{0D15838D-C728-4DF0-856D-02383C4D7D14}C:\program files\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files\dap\dap.exe | "TCP Query User{1C4B28B6-6B88-46CE-B9C1-422D71172945}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "TCP Query User{25D2D50A-988B-4B4A-9BF9-3A92A597BE27}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{3E2FB89C-19B5-4A9E-BAE4-B18CF63B82C7}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{5EFAE2D8-71A4-40F7-8BEC-CF0E8C31518B}C:\users\joey\desktop\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\users\joey\desktop\itunes\itunes.exe | "TCP Query User{74B425BB-1F97-4D95-96CD-F628F8D8F5E3}C:\users\joey\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\joey\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{AA765554-BE15-4E14-BE14-662116F5EFE4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{AE5D7B65-194E-48F1-81D0-BDE7628EF5D4}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | "TCP Query User{C9B20BEE-CB3B-4B76-BC49-604953245D8C}C:\program files\microsoft directx sdk (august 2007)\utilities\bin\x86\audconsole.exe" = protocol=6 | dir=in | app=c:\program files\microsoft directx sdk (august 2007)\utilities\bin\x86\audconsole.exe | "UDP Query User{01E87F0C-F1D7-4D71-BB9C-C495324ED5A3}C:\program files\microsoft directx sdk (august 2007)\utilities\bin\x86\audconsole.exe" = protocol=17 | dir=in | app=c:\program files\microsoft directx sdk (august 2007)\utilities\bin\x86\audconsole.exe | "UDP Query User{1D49E990-5095-4E3C-814D-976B85FC9CA1}C:\users\joey\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\joey\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "UDP Query User{230195CE-9C7B-4649-9E25-D387C0BE87EF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{40910EFE-7099-4142-A801-A01AE5EEBDE5}C:\users\joey\desktop\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\users\joey\desktop\itunes\itunes.exe | "UDP Query User{635235A4-D2F6-49F2-B246-4857C6703CCC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{79F71648-D708-440A-830B-4B59A2387D20}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{B41BA81D-EFD4-439A-8366-82B65FD90E54}C:\program files\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files\dap\dap.exe | "UDP Query User{B9310138-49D3-46C2-8E21-14EAD9DBFBBC}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "UDP Query User{BB6138BC-6041-4224-AC29-1FBA2628621B}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181) "{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 "{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 18 "{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online "{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007 "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003 "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3 "{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0 "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU "{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D54A32D7-9CDB-4982-B84B-A78CEE6ACEE9}" = SPC 610NC Laptop Camera "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1 "{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server "{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "avast5" = avast! Free Antivirus "AVG9Uninstall" = AVG Free 9.0 "BitComet" = BitComet 1.15 "CCleaner" = CCleaner "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0 "CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "Google Updater" = Google Updater "ImgBurn" = ImgBurn "InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU "Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6) "Network Play System" = EA AutoPatch "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "ObjectDock" = ObjectDock "Revo Uninstaller" = Revo Uninstaller 1.85 "The Weather Channel Desktop 6" = The Weather Channel Desktop 6 "UltSounds" = Windows Sound Schemes "Uninstall_is1" = Uninstall 1.0.0.1 "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "VLC media player" = VLC media player 1.0.3 "WinPcapInst" = WinPcap 4.1.1 "winpcap-nmap" = winpcap-nmap 4.02 "Wireshark" = Wireshark 1.2.4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Move Media Player" = Move Media Player "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2/2/2010 1:57:28 PM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/2/2010 1:57:28 PM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/2/2010 1:57:29 PM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/2/2010 4:48:44 PM | Computer Name = JoeyGrasich | Source = WinMgmt | ID = 10 Description = Error - 2/3/2010 3:07:55 AM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/3/2010 3:07:55 AM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/3/2010 3:07:55 AM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/3/2010 3:07:55 AM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/3/2010 3:07:55 AM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/3/2010 3:07:55 AM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = [ Media Center Events ] Error - 11/27/2007 2:48:45 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 12/3/2007 10:54:11 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 12/6/2007 6:45:32 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 12/12/2007 2:48:02 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 4/18/2008 11:22:35 AM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 5/25/2008 12:48:00 AM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 5/30/2008 12:19:40 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 6/1/2008 9:04:00 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 6/16/2009 9:29:53 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 10/7/2009 2:10:06 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. [ System Events ] Error - 2/9/2010 1:37:44 PM | Computer Name = JoeyGrasich | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2/9/2010 4:57:37 PM | Computer Name = JoeyGrasich | Source = EventLog | ID = 6008 Description = The previous system shutdown at 2:55:14 PM on 2/9/2010 was unexpected. Error - 2/9/2010 4:59:11 PM | Computer Name = JoeyGrasich | Source = Service Control Manager | ID = 7000 Description = Error - 2/9/2010 5:00:02 PM | Computer Name = JoeyGrasich | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2/9/2010 10:10:04 PM | Computer Name = JoeyGrasich | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:08:22 PM on 2/9/2010 was unexpected. Error - 2/9/2010 10:11:37 PM | Computer Name = JoeyGrasich | Source = Service Control Manager | ID = 7000 Description = Error - 2/9/2010 10:12:35 PM | Computer Name = JoeyGrasich | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2/9/2010 10:41:46 PM | Computer Name = JoeyGrasich | Source = Print | ID = 19 Description = The print spooler failed to share printer Journal Note Writer with shared resource name Journal Note Writer. Error 2114. The printer cannot be used by others on the network. Error - 2/9/2010 10:42:07 PM | Computer Name = JoeyGrasich | Source = Service Control Manager | ID = 7000 Description = Error - 2/9/2010 10:44:12 PM | Computer Name = JoeyGrasich | Source = WMPNetworkSvc | ID = 866300 Description = < End of report >
  6. OTL logfile created on: 2/9/2010 10:35:41 PM - Run 1 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Joey\Downloads Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free 7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288.05 Gb Total Space | 131.61 Gb Free Space | 45.69% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 4.86 Gb Free Space | 48.57% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JOEYGRASICH Current User Name: Joey Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/02/09 22:33:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Downloads\OTL.exe PRC - [2010/01/28 16:09:31 | 002,757,512 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010/01/28 16:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2009/12/31 12:04:47 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2009/12/12 14:22:34 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2009/12/12 14:22:34 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2009/10/15 22:18:05 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2009/10/15 22:18:05 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe PRC - [2009/10/15 22:18:05 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2009/10/15 22:18:04 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/06/10 15:18:10 | 000,785,520 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe PRC - [2008/05/02 23:16:00 | 000,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe PRC - [2006/10/03 10:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2006/08/04 18:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe ========== Modules (SafeList) ========== MOD - [2010/02/09 22:33:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Downloads\OTL.exe MOD - [2009/10/15 22:18:08 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll MOD - [2009/04/11 00:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (stllssvr) SRV - [2010/01/28 16:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010/01/28 16:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010/01/28 16:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2009/10/20 12:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2009/10/15 22:18:05 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2009/10/15 22:18:04 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/03/23 19:40:10 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/02/02 22:15:58 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c985b6226d7051) Google Update Service (gupdate1c985b6226d7051) SRV - [2008/09/10 16:39:48 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/05/02 23:16:00 | 000,118,784 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc) SRV - [2008/01/20 20:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters) SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2006/11/02 06:34:14 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/08/04 18:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService) SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2010/01/28 15:57:55 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010/01/28 15:57:34 | 000,163,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010/01/28 15:54:42 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010/01/28 15:54:27 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010/01/28 15:54:05 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/11/09 19:08:29 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2009/10/20 12:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2009/10/15 22:18:26 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009/10/15 22:18:26 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009/09/28 01:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter) DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/03/27 00:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132) DRV - [2008/04/17 12:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2008/01/26 02:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2008/01/24 11:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/01/20 20:21:35 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/20 20:21:35 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/20 20:21:35 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/20 20:21:34 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/20 20:21:34 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/20 20:21:34 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/20 20:21:33 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/20 20:21:33 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/20 20:21:33 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2008/01/20 20:21:33 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/20 20:21:32 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/20 20:21:32 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/20 20:21:32 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008/01/20 20:21:31 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008/01/20 20:21:31 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008/01/20 20:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008/01/20 20:21:31 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008/01/20 20:21:30 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008/01/20 20:21:29 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008/01/20 20:21:29 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008/01/20 20:21:29 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008/01/20 20:21:28 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008/01/20 20:21:09 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008/01/20 20:21:09 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008/01/20 20:21:09 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007/03/23 05:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007/03/15 07:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/02 01:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV) DRV - [2006/11/02 00:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv) DRV - [2006/10/18 12:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2006/10/18 12:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2) DRV - [2006/10/18 12:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006/06/19 15:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1070813 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1070813 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.yahoo.com" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/21 11:29:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/30 21:55:58 | 000,000,000 | ---D | M] [2009/05/11 11:09:21 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Mozilla\Extensions [2009/05/11 11:09:21 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org [2010/02/09 12:19:35 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\0p724znd.default\extensions [2010/01/21 11:40:16 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\0p724znd.default\extensions\personas@christopher.beard [2010/02/03 11:49:23 | 000,001,945 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\0p724znd.default\searchplugins\ninjavideo.xml [2010/02/09 12:19:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (no name) - {BA0BACB5-FC95-451E-94D2-4959AB0949D2} - No CLSID value found. O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.) O4 - HKCU..\Run: [Google Update] C:\Users\Joey\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - Startup: C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock) O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.166.105 93.188.161.105 1.2.3.4 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp O24 - Desktop BackupWallPaper: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5e4ad3c8-0f0b-11de-9785-001aa05334d8}\Shell - "" = AutoRun O33 - MountPoints2\{5e4ad3c8-0f0b-11de-9785-001aa05334d8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{bd086250-8c57-11de-a94d-001aa05334d8}\Shell - "" = AutoRun O33 - MountPoints2\{bd086250-8c57-11de-a94d-001aa05334d8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (aswBoot.exe /A:"C:" /L:"1033" /heur:80 /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\Alwil Software\Avast5") - C:\Windows\System32\aswBoot.exe (ALWIL Software) O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/02/09 14:57:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010/02/09 13:24:06 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\New Folder [2010/02/09 01:25:33 | 000,163,280 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys [2010/02/09 01:25:33 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2010/02/09 01:25:33 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys [2010/02/09 01:25:33 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys [2010/02/09 01:25:33 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2010/02/09 01:25:00 | 000,152,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe [2010/02/09 01:25:00 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr [2010/02/09 01:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010/02/09 01:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2010/01/27 19:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010/01/27 19:10:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010/01/27 19:10:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010/01/27 19:10:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010/01/27 11:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage [2010/01/22 11:38:31 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010/01/22 11:38:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010/01/22 11:38:31 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010/01/22 11:38:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010/01/22 11:38:31 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010/01/22 11:38:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010/01/22 11:38:31 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010/01/22 11:38:31 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010/01/22 11:38:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010/01/22 11:38:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010/01/22 11:38:31 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010/01/22 11:38:31 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010/01/22 11:38:31 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010/01/22 11:38:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010/01/20 13:47:02 | 000,000,000 | ---D | C] -- C:\Users\Joey\Documents\Spring10 [2010/01/13 11:28:31 | 000,000,000 | ---D | C] -- C:\a63315bbdd54760ed3cb63da7f14e7 [2010/01/13 11:26:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010/01/13 11:26:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/02/09 22:35:05 | 003,407,872 | -HS- | M] () -- C:\Users\Joey\NTUSER.DAT [2010/02/09 22:27:32 | 055,361,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010/02/09 22:23:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/02/09 21:55:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-448380724-2529988279-146509900-1000UA.job [2010/02/09 20:46:57 | 000,695,540 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/02/09 20:46:57 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/02/09 20:46:57 | 000,105,540 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/02/09 20:44:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/02/09 20:42:08 | 000,005,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/02/09 20:42:08 | 000,005,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/02/09 20:41:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/02/09 20:41:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/02/09 20:41:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/02/09 20:33:12 | 000,524,288 | -HS- | M] () -- C:\Users\Joey\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms [2010/02/09 20:33:12 | 000,065,536 | -HS- | M] () -- C:\Users\Joey\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf [2010/02/09 20:33:08 | 002,720,981 | -H-- | M] () -- C:\Users\Joey\AppData\Local\IconCache.db [2010/02/09 20:09:54 | 308,525,810 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/02/09 20:08:29 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-448380724-2529988279-146509900-1000Core.job [2010/02/09 12:53:52 | 000,011,772 | ---- | M] () -- C:\Users\Joey\Desktop\Exam 1, Focus List for MSIS 4273.docx [2010/02/09 01:25:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2010/01/28 16:09:46 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr [2010/01/28 16:09:26 | 000,152,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe [2010/01/28 15:57:55 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys [2010/01/28 15:57:34 | 000,163,280 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys [2010/01/28 15:54:42 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys [2010/01/28 15:54:27 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2010/01/28 15:54:05 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2010/01/20 00:41:06 | 000,014,273 | ---- | M] () -- C:\Users\Joey\Desktop\18U32.docx [2010/01/20 00:41:03 | 000,013,661 | ---- | M] () -- C:\Users\Joey\Desktop\EEA.docx [2010/01/20 00:41:01 | 000,060,984 | ---- | M] () -- C:\Users\Joey\Desktop\ECPA.docx [2010/01/20 00:40:57 | 000,019,664 | ---- | M] () -- C:\Users\Joey\Desktop\PPA.docx [2010/01/20 00:40:54 | 000,020,811 | ---- | M] () -- C:\Users\Joey\Desktop\CFAA.docx [2010/01/20 00:40:51 | 000,139,061 | ---- | M] () -- C:\Users\Joey\Desktop\ACLUR2.docx [2010/01/20 00:40:35 | 000,060,416 | ---- | M] () -- C:\Users\Joey\Desktop\How courts view cyberspace.doc [2010/01/19 14:04:39 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2010/01/15 12:48:35 | 000,071,168 | ---- | M] () -- C:\Users\Joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/02/09 14:57:28 | 308,525,810 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010/02/09 12:53:52 | 000,011,772 | ---- | C] () -- C:\Users\Joey\Desktop\Exam 1, Focus List for MSIS 4273.docx [2010/01/20 00:41:06 | 000,014,273 | ---- | C] () -- C:\Users\Joey\Desktop\18U32.docx [2010/01/20 00:41:03 | 000,013,661 | ---- | C] () -- C:\Users\Joey\Desktop\EEA.docx [2010/01/20 00:41:01 | 000,060,984 | ---- | C] () -- C:\Users\Joey\Desktop\ECPA.docx [2010/01/20 00:40:57 | 000,019,664 | ---- | C] () -- C:\Users\Joey\Desktop\PPA.docx [2010/01/20 00:40:54 | 000,020,811 | ---- | C] () -- C:\Users\Joey\Desktop\CFAA.docx [2010/01/20 00:40:51 | 000,139,061 | ---- | C] () -- C:\Users\Joey\Desktop\ACLUR2.docx [2010/01/20 00:40:35 | 000,060,416 | ---- | C] () -- C:\Users\Joey\Desktop\How courts view cyberspace.doc [2009/10/20 14:46:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/10/20 12:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2008/08/23 00:38:50 | 000,071,168 | ---- | C] () -- C:\Users\Joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/08/19 16:54:58 | 000,023,888 | ---- | C] () -- C:\Users\Joey\AppData\Roaming\UserTile.png [2008/02/16 10:25:45 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2008/01/20 20:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2007/08/22 17:18:16 | 000,001,004 | ---- | C] () -- C:\Users\Joey\AppData\Roaming\wklnhst.dat [2007/03/19 04:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll [2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll [2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll [2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll [2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll [2007/03/19 04:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll [2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll [2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll [2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll [2007/03/19 04:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll [2007/03/19 04:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll [2006/11/02 06:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005/10/14 03:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll [2005/10/14 03:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2005/10/14 03:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll [2005/10/14 03:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2005/10/14 03:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2005/10/14 03:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll [2005/10/14 03:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0 < End of report > OTL Extras logfile created on: 2/9/2010 10:35:41 PM - Run 1 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Joey\Downloads Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free 7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288.05 Gb Total Space | 131.61 Gb Free Space | 45.69% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 4.86 Gb Free Space | 48.57% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JOEYGRASICH Current User Name: Joey Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .pif [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{32A789B2-4F91-45BF-B45F-C6C95FED4233}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{366C1A20-11FE-4D26-949A-B9ED8970E1AB}" = lport=2869 | protocol=6 | dir=in | app=system | "{463DC133-8A79-4CDE-B663-7289AD18E25D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{629C854A-0EAD-4DD5-AEFF-CDFBD0659266}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{65625DD7-CBBD-4D08-961D-5D285B3A6AD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{91F50326-2EEB-41C8-A92A-46DE1F8C7596}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{9DBF8DE7-F8B5-4CB6-84E1-6E679B4F469A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{AA073821-3F9B-4158-AA7A-A3E1B50DB72C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{ACF17D9E-8C20-4859-87F4-9DE30CF82C0D}" = lport=2869 | protocol=6 | dir=in | app=system | "{B95EF262-4B02-47C8-BE08-60A033FF8A29}" = lport=10243 | protocol=6 | dir=in | app=system | "{BD7953F1-37C6-476D-ACA1-D0C952C629B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{CD438783-6376-41D6-88EC-1950BB97BDA9}" = rport=10243 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12EE3708-5E67-4760-AB49-70674A5A8F97}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | "{19C63B78-5258-4E03-9DA3-E262608A59BA}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{1E06BD30-9C1B-4566-82A5-BCE605974CDD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{40AB4542-F073-43EA-8A13-8939343718E4}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | "{68C1E170-AC69-40F4-8E2E-6C3F7BB41875}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7154234F-0B65-4F19-BE95-5995D97A3A8D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{7161CE48-D4B7-46C7-970A-604124127103}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | "{71EA2C22-0BDF-45F0-81BC-504BD53775C2}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{727F7A2E-8A55-48C8-965D-9B6077E6250D}" = protocol=6 | dir=out | app=system | "{7DAD15FE-B819-4280-BD0D-2316A5D86B41}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | "{7DD06F26-5942-47F3-ACED-F936865239EE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{866900D3-99BC-4675-A5FC-7D49A47BBA46}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{892F8755-7A75-43E6-85D4-33A493134787}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8E87DB78-6BBD-45E1-9EE1-29AB69653F4E}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | "{9CF5EB62-8682-4D7E-B5A7-960C4B2B6419}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{A9938245-9063-46B7-8842-B791BFCD10FC}" = protocol=6 | dir=out | app=system | "{C3DE8022-F8F1-4729-936E-B068A30A7626}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | "{D4582FC6-7CE3-44F5-A762-116BFF83C2FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E14BAB7E-3C09-4F9C-B6E7-F701F2BBB671}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{ECA4F491-2607-468E-97FD-0DB5F9AE3C09}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{F2F16F42-A822-44A7-AAE9-703DA43497C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F38B788F-2264-48B2-8D70-B03D1AE9E60D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{F91C60D4-E958-4614-AA94-3E94F2062FE6}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "TCP Query User{0D15838D-C728-4DF0-856D-02383C4D7D14}C:\program files\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files\dap\dap.exe | "TCP Query User{1C4B28B6-6B88-46CE-B9C1-422D71172945}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "TCP Query User{25D2D50A-988B-4B4A-9BF9-3A92A597BE27}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{3E2FB89C-19B5-4A9E-BAE4-B18CF63B82C7}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{5EFAE2D8-71A4-40F7-8BEC-CF0E8C31518B}C:\users\joey\desktop\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\users\joey\desktop\itunes\itunes.exe | "TCP Query User{74B425BB-1F97-4D95-96CD-F628F8D8F5E3}C:\users\joey\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\joey\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{AA765554-BE15-4E14-BE14-662116F5EFE4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{AE5D7B65-194E-48F1-81D0-BDE7628EF5D4}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | "TCP Query User{C9B20BEE-CB3B-4B76-BC49-604953245D8C}C:\program files\microsoft directx sdk (august 2007)\utilities\bin\x86\audconsole.exe" = protocol=6 | dir=in | app=c:\program files\microsoft directx sdk (august 2007)\utilities\bin\x86\audconsole.exe | "UDP Query User{01E87F0C-F1D7-4D71-BB9C-C495324ED5A3}C:\program files\microsoft directx sdk (august 2007)\utilities\bin\x86\audconsole.exe" = protocol=17 | dir=in | app=c:\program files\microsoft directx sdk (august 2007)\utilities\bin\x86\audconsole.exe | "UDP Query User{1D49E990-5095-4E3C-814D-976B85FC9CA1}C:\users\joey\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\joey\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "UDP Query User{230195CE-9C7B-4649-9E25-D387C0BE87EF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{40910EFE-7099-4142-A801-A01AE5EEBDE5}C:\users\joey\desktop\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\users\joey\desktop\itunes\itunes.exe | "UDP Query User{635235A4-D2F6-49F2-B246-4857C6703CCC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{79F71648-D708-440A-830B-4B59A2387D20}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{B41BA81D-EFD4-439A-8366-82B65FD90E54}C:\program files\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files\dap\dap.exe | "UDP Query User{B9310138-49D3-46C2-8E21-14EAD9DBFBBC}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "UDP Query User{BB6138BC-6041-4224-AC29-1FBA2628621B}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181) "{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 "{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 18 "{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online "{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007 "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003 "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3 "{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0 "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU "{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D54A32D7-9CDB-4982-B84B-A78CEE6ACEE9}" = SPC 610NC Laptop Camera "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1 "{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server "{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "avast5" = avast! Free Antivirus "AVG9Uninstall" = AVG Free 9.0 "BitComet" = BitComet 1.15 "CCleaner" = CCleaner "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0 "CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "Google Updater" = Google Updater "ImgBurn" = ImgBurn "InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU "Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6) "Network Play System" = EA AutoPatch "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "ObjectDock" = ObjectDock "Revo Uninstaller" = Revo Uninstaller 1.85 "The Weather Channel Desktop 6" = The Weather Channel Desktop 6 "UltSounds" = Windows Sound Schemes "Uninstall_is1" = Uninstall 1.0.0.1 "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "VLC media player" = VLC media player 1.0.3 "WinPcapInst" = WinPcap 4.1.1 "winpcap-nmap" = winpcap-nmap 4.02 "Wireshark" = Wireshark 1.2.4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Move Media Player" = Move Media Player "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2/2/2010 1:57:28 PM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/2/2010 1:57:28 PM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/2/2010 1:57:29 PM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/2/2010 4:48:44 PM | Computer Name = JoeyGrasich | Source = WinMgmt | ID = 10 Description = Error - 2/3/2010 3:07:55 AM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/3/2010 3:07:55 AM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/3/2010 3:07:55 AM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/3/2010 3:07:55 AM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/3/2010 3:07:55 AM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = Error - 2/3/2010 3:07:55 AM | Computer Name = JoeyGrasich | Source = Windows Search Service | ID = 3013 Description = [ Media Center Events ] Error - 11/27/2007 2:48:45 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 12/3/2007 10:54:11 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 12/6/2007 6:45:32 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 12/12/2007 2:48:02 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 4/18/2008 11:22:35 AM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 5/25/2008 12:48:00 AM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 5/30/2008 12:19:40 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 6/1/2008 9:04:00 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 6/16/2009 9:29:53 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. Error - 10/7/2009 2:10:06 PM | Computer Name = JoeyGrasich | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule. [ System Events ] Error - 2/9/2010 1:37:44 PM | Computer Name = JoeyGrasich | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2/9/2010 4:57:37 PM | Computer Name = JoeyGrasich | Source = EventLog | ID = 6008 Description = The previous system shutdown at 2:55:14 PM on 2/9/2010 was unexpected. Error - 2/9/2010 4:59:11 PM | Computer Name = JoeyGrasich | Source = Service Control Manager | ID = 7000 Description = Error - 2/9/2010 5:00:02 PM | Computer Name = JoeyGrasich | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2/9/2010 10:10:04 PM | Computer Name = JoeyGrasich | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:08:22 PM on 2/9/2010 was unexpected. Error - 2/9/2010 10:11:37 PM | Computer Name = JoeyGrasich | Source = Service Control Manager | ID = 7000 Description = Error - 2/9/2010 10:12:35 PM | Computer Name = JoeyGrasich | Source = WMPNetworkSvc | ID = 866300 Description = Error - 2/9/2010 10:41:46 PM | Computer Name = JoeyGrasich | Source = Print | ID = 19 Description = The print spooler failed to share printer Journal Note Writer with shared resource name Journal Note Writer. Error 2114. The printer cannot be used by others on the network. Error - 2/9/2010 10:42:07 PM | Computer Name = JoeyGrasich | Source = Service Control Manager | ID = 7000 Description = Error - 2/9/2010 10:44:12 PM | Computer Name = JoeyGrasich | Source = WMPNetworkSvc | ID = 866300 Description = < End of report >
  7. Here is MAM Log: Malwarebytes' Anti-Malware 1.44 Database version: 3712 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 2/9/2010 12:02:33 PM mbam-log-2010-02-09 (12-02-33).txt Scan type: Quick Scan Objects scanned: 98308 Time elapsed: 3 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49ed5f7e-ff5b-402f-9c3f-0eba312858f0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Here is DDS.txt: DDS (Ver_09-12-01.01) - NTFSx86 Run by Joey at 12:35:39.83 on Tue 02/09/2010 Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18 Microsoft Attach.zip
  8. Here is DDS.txt: DDS (Ver_09-12-01.01) - NTFSx86 Run by Joey at 12:35:39.83 on Tue 02/09/2010 Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18 Microsoft Attach.zip
  9. I have scanned and did the removal process many times. I scan again, then the same two infected files are there. Here is the infected files from my log: Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49ed5f7e-ff5b-402f-9c3f-0eba312858f0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully. It says it deletes it everytime but when i scan, its there again. Suggestions? Thanks, Joey
  10. I have scanned and did the removal process many times. I scan again, then the same two infected files are there. Here is the infected files from my log: Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49ed5f7e-ff5b-402f-9c3f-0eba312858f0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> Quarantined and deleted successfully. It says it deletes it everytime but when i scan, its there again. Suggestions? Thanks, Joey
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.