Laptop multple issue.

**rngrgreen** · 2010-12-03, 18:17

Please be advised I have 2 computers having an issue (different problems.) So I am making 2 threads one for each. This one is for the Laptop.

First thing I notices is network icon says access denied while connected and can still browse the internet. I have tried to unistall device and reinstall fresh drivers same thing. As of today I now notice I can not install anything. The windows installer services cannot be accessed this can occur if the windows installer is not correctly installed. Contact you support personal for assistance.

I have ran F-Secure online scanner it did detect items and removed successfully I do not remember what they were. I also do not have a report to give for that. If it saves it somewhere I do not know where.

DDS (Ver_10-11-27.01) - NTFSx86
Run by owner at 12:01:07.13 on Fri 12/03/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13

============== Running Processes ===============

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:8777;https=127.0.0.1:8777
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [PlayNC Launcher]
uRun: [DriverMax]
uRun: [DriverMax_RESTART]
mRun: [<NO NAME>]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\zbsxu33u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\zbsxu33u.default\extensions\{38ab6a6c-cc4c-4f9e-a3dd-3c5681ef18a1}\plugins\npsoe.dll
FF - plugin: c:\users\owner\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 4.0 beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Free Realms Installer: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1} - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\zbsxu33u.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
FF - Extension: Ask Toolbar: toolbar@ask.com - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\zbsxu33u.default\extensions\toolbar@ask.com

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-12-03 01:40:58 -------- d-----w- c:\progra~2\F-Secure
2010-12-03 00:48:30 -------- d-----w- C:\SWSetup
2010-12-01 14:25:02 -------- d-----w- c:\program files\Belkin
2010-12-01 14:24:40 -------- d-----w- c:\windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
2010-12-01 14:04:54 651264 ----a-w- c:\windows\system32\drivers\netr28u.sys
2010-12-01 14:04:54 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-11-30 13:16:42 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ce0dccb2-19be-4a1f-916a-42d294d5f9a4}\mpengine.dll
2010-11-28 20:25:11 -------- d-----w- c:\users\owner\appdata\local\Innovative Solutions
2010-11-28 20:25:11 -------- d-----w- c:\progra~2\Innovative Solutions
2010-11-28 20:25:07 -------- d-----w- c:\program files\Innovative Solutions
2010-11-25 14:14:43 -------- d-----w- c:\program files\common files\PX Storage Engine
2010-11-25 14:14:10 -------- d-----w- c:\program files\common files\DivX Shared
2010-11-25 14:11:36 -------- d-----w- c:\program files\DivX
2010-11-25 14:10:40 -------- d-----w- c:\progra~2\DivX
2010-11-09 23:35:54 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-26 02:59:37 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-26 02:59:37 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-23 04:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 20:56:13 111960 ----a-w- c:\windows\dxsdkuninst.exe
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:23:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 17:07:35 834048 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 15:23:27 389632 ----a-w- c:\windows\system32\html.iec
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll

============= FINISH: 12:02:04.83 ===============

**tashi** · 2010-12-03, 19:00

Hello rngrgreen,

If you have more than one infected computer in the house please let your helper know. Start a new topic for the next machine once the prior thread has been closed.

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

Open topic: http://forums.spybot.info/showthread.php?t=60727

Best regards.

**ken545** · 2010-12-10, 15:21

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

It gets very complicated when you post for two different computers, the way we do this is to finish one, close the thread and then you post for the second one. No one helped you with the first one and you say its ok, what I have done was to reopen this one for your laptop as I see malware on it so we will work on the laptop and when its done if your still having issues with your desktop then start a new topic for it.

Please download Malwarebytes from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

OTL by OldTimer

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

**rngrgreen** · 2010-12-10, 18:33

Ok first let inform you of other issues to I can not install or unistall anything. I get windows installer has failed, Windows installer service is not running or access denied. I tried to start service under services.msc I get access denied. Also sound services not working either. CD, DVD will not load anything I get program cannot be found. This one is radmon somtime cd dvd works.
Alright now that you know all systems I am not sure if that will help or not here is the requested logs.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5288

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12/10/2010 12:14:20 PM
mbam-log-2010-12-10 (12-14-20).txt

Scan type: Quick scan
Objects scanned: 151303
Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 12/10/2010 12:21:21 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\owner\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.70 Gb Total Space | 34.10 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive E: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHAWN-WANAMAKER | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\owner\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\StormII\stormliv.exe (北京暴风网际科技有限公司)

========== Modules (SafeList) ==========

MOD - C:\Users\owner\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe File not found
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe File not found
SRV - (GameConsoleService) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ccosm) -- C:\Program Files\StormII\stormliv.exe (北京暴风网际科技有限公司)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (XDva285) -- C:\Windows\System32\XDva285.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (F-Secure Standalone Minifilter) -- C:\Users\owner\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys File not found
DRV - (EagleNT) -- C:\Users\owner\AppData\Local\Temp\EagleNT.sys File not found
DRV - (ByakkoDriver) -- C:\Users\owner\AppData\Local\Temp\100581145.06- File not found
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (msloop) -- C:\Windows\System32\drivers\loop.sys (Microsoft Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...esario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8777;https=127.0.0.1:8777

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.116
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.99999
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..network.proxy.http: "10.81.0.1"
FF - prefs.js..network.proxy.http_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 07:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 07:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010/10/30 14:29:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins [2010/11/25 09:15:33 | 000,000,000 | ---D | M]

[2009/03/13 16:20:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2010/12/09 17:54:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\zbsxu33u.default\extensions
[2010/09/18 12:30:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\zbsxu33u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/26 11:01:51 | 000,000,000 | ---D | M] () -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\zbsxu33u.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010/11/23 20:48:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\zbsxu33u.default\extensions\toolbar@ask.com
[2010/10/23 22:58:39 | 000,001,832 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\FireFox\Profiles\zbsxu33u.default\searchplugins\bing.xml
[2010/10/22 11:08:09 | 000,001,553 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\FireFox\Profiles\zbsxu33u.default\searchplugins\wowhead.xml
[2010/12/09 17:54:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/30 11:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [DriverMax] File not found
O4 - HKCU..\Run: [DriverMax_RESTART] File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/11/02 15:00:00 | 000,000,043 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{72408b52-7e89-11df-b2a3-001f165f6049}\Shell - "" = AutoRun
O33 - MountPoints2\{72408b52-7e89-11df-b2a3-001f165f6049}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{74dd9dcd-f0c4-11dd-ba2e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74dd9dcd-f0c4-11dd-ba2e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ffxivsetup.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2006/11/02 15:00:00 | 000,109,160 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/09 09:06:25 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Vuze Downloads
[2010/12/07 20:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010/12/07 20:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/12/03 21:48:18 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/12/03 21:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/12/03 21:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/03 21:37:16 | 000,000,000 | ---D | C] -- C:\43fd38b79586b12192672f43
[2010/12/03 21:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/12/02 20:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/12/02 19:48:30 | 000,000,000 | ---D | C] -- C:\SWSetup
[2010/12/01 09:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2010/12/01 09:24:40 | 000,000,000 | ---D | C] -- C:\Windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
[2010/12/01 09:04:54 | 000,651,264 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\System32\drivers\netr28u.sys
[2010/12/01 09:04:54 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2010/11/30 12:41:55 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\owner\Desktop\ATF-Cleaner.exe
[2010/11/28 15:25:11 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\My Drivers
[2010/11/28 15:25:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Innovative Solutions
[2010/11/28 15:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2010/11/28 15:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2010/11/25 13:22:49 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\customclassitemfixer_v1
[2010/11/25 09:15:07 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\DivX
[2010/11/25 09:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/11/25 09:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/11/25 09:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/11/25 09:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/07/19 15:39:04 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/10 12:05:39 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/10 12:05:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/10 12:05:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/10 12:05:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/10 12:05:23 | 2073,251,840 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/10 11:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/09 22:53:33 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/12/09 22:53:33 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/12/09 16:29:24 | 000,006,016 | ---- | M] () -- C:\Users\owner\Desktop\DDS.zip
[2010/12/09 16:15:00 | 199,527,180 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/09 16:06:30 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForowner.job
[2010/12/07 06:09:12 | 000,032,256 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/04 11:55:01 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/12/02 11:42:12 | 000,613,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/02 11:42:12 | 000,108,196 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/02 08:56:43 | 000,001,079 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/02 08:56:43 | 000,001,055 | ---- | M] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/28 15:25:09 | 000,000,919 | ---- | M] () -- C:\Users\owner\Desktop\DriverMax.lnk
[2010/11/25 13:22:15 | 000,128,434 | ---- | M] () -- C:\Users\owner\Documents\customclassitemfixer_v1.zip
[2010/11/25 09:15:37 | 000,001,432 | ---- | M] () -- C:\Users\owner\Desktop\DivX Movies.lnk
[2010/11/25 09:14:58 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/11/25 09:14:37 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/09 22:48:15 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/12/09 22:48:15 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/12/09 16:29:24 | 000,006,016 | ---- | C] () -- C:\Users\owner\Desktop\DDS.zip
[2010/12/09 16:00:37 | 000,296,448 | ---- | C] () -- C:\Users\owner\Desktop\gmer.exe
[2010/12/04 12:12:05 | 2073,251,840 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/02 08:56:43 | 000,001,079 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/02 08:56:43 | 000,001,055 | ---- | C] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2010/12/01 09:04:54 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010/11/30 12:34:27 | 199,527,180 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/28 15:25:09 | 000,000,919 | ---- | C] () -- C:\Users\owner\Desktop\DriverMax.lnk
[2010/11/25 13:22:13 | 000,128,434 | ---- | C] () -- C:\Users\owner\Documents\customclassitemfixer_v1.zip
[2010/11/25 09:15:37 | 000,001,432 | ---- | C] () -- C:\Users\owner\Desktop\DivX Movies.lnk
[2010/11/25 09:14:58 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/11/25 09:14:37 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/10/21 08:37:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\io.ini
[2010/10/21 08:37:53 | 000,000,000 | ---- | C] () -- C:\ProgramData\k98417kepujtzpw2tf4poi79ey7dsn4z.ini
[2010/09/29 09:14:26 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/09/29 09:14:26 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/09/26 17:35:45 | 000,000,056 | ---- | C] () -- C:\Windows\SpeederXP.INI
[2010/09/18 12:27:52 | 000,000,008 | ---- | C] () -- C:\Users\owner\AppData\Roaming\DofusAppId0_3
[2010/08/31 13:19:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2010/08/31 13:19:28 | 000,007,196 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP_AAC.ini
[2010/08/31 13:19:28 | 000,006,490 | ---- | C] () -- C:\Windows\System32\INI_Pro_PSP.ini
[2010/08/31 13:19:28 | 000,005,028 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP2_AAC.ini
[2010/08/31 13:19:28 | 000,004,296 | ---- | C] () -- C:\Windows\System32\INI_Pro_Zune.ini
[2010/08/31 13:19:28 | 000,003,045 | ---- | C] () -- C:\Windows\System32\INI_Pro_iPod.ini
[2010/08/31 13:19:28 | 000,002,956 | ---- | C] () -- C:\Windows\System32\INI_Pro_PMP.ini
[2010/08/31 13:19:28 | 000,002,910 | ---- | C] () -- C:\Windows\System32\INI_Pro_3GP_AMR.ini
[2010/08/31 13:19:28 | 000,002,516 | ---- | C] () -- C:\Windows\System32\INI_Pro_PPC.ini
[2010/08/31 13:19:28 | 000,002,175 | ---- | C] () -- C:\Windows\System32\INI_Pro_iPhone.ini
[2010/08/31 13:19:28 | 000,001,964 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2010/08/31 13:19:28 | 000,001,964 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2010/08/31 13:19:28 | 000,001,878 | ---- | C] () -- C:\Windows\System32\INI_Pro_Xbox.ini
[2010/08/31 13:19:28 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QVGA_AMR.ini
[2010/08/31 13:19:28 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QVGA_AAC.ini
[2010/08/31 13:19:28 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QCIF_AMR.ini
[2010/08/31 13:19:28 | 000,001,814 | ---- | C] () -- C:\Windows\System32\INI_QT_3GPP_QCIF_AAC.ini
[2010/08/31 13:19:28 | 000,001,739 | ---- | C] () -- C:\Windows\System32\INI_Pro_AppleTV.ini
[2010/08/31 13:19:28 | 000,000,036 | ---- | C] () -- C:\Windows\System32\INI_Add_mfra.ini
[2010/08/31 13:19:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/07/19 15:33:54 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/07/19 15:33:54 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/07/04 15:29:22 | 000,000,281 | ---- | C] () -- C:\ProgramData\Local Disk (C) - Shortcut.lnk
[2010/06/18 14:08:09 | 000,000,096 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/10 15:09:16 | 000,000,029 | ---- | C] () -- C:\Windows\Index.ini
[2010/06/07 11:11:33 | 000,000,008 | ---- | C] () -- C:\Users\owner\AppData\Roaming\DofusAppId0_1
[2010/06/07 11:10:43 | 000,000,169 | ---- | C] () -- C:\Users\owner\AppData\Roaming\D2Info0
[2010/06/07 11:10:43 | 000,000,008 | ---- | C] () -- C:\Users\owner\AppData\Roaming\DofusAppId0_2
[2010/06/04 13:53:34 | 000,000,093 | ---- | C] () -- C:\Users\owner\AppData\Local\fusioncache.dat
[2010/05/22 12:59:20 | 000,009,728 | ---- | C] () -- C:\Windows\System32\uc_karos_launching.dll
[2010/05/17 13:19:25 | 000,139,336 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/15 07:44:34 | 000,005,120 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/10/22 10:00:45 | 000,000,148 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/10/20 13:25:51 | 000,001,215 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/18 20:18:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/17 20:53:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/06/28 20:20:36 | 000,001,356 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2009/05/04 19:47:37 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/02/04 10:20:10 | 000,032,256 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/01 15:18:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/01 12:07:45 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\QSwitch.txt
[2009/02/01 12:07:45 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\DSwitch.txt
[2009/02/01 12:07:45 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\AtStart.txt
[2009/01/05 15:51:11 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/05 15:51:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/05 15:50:43 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/05 15:50:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/05 15:48:06 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/01/05 15:47:38 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/10/23 01:44:13 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/23 01:38:23 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/23 01:36:27 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/23 01:35:06 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/07/06 15:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/29 23:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/29 23:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005/08/29 23:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll

========== LOP Check ==========

[2010/11/28 14:26:27 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\.minecraft
[2009/11/16 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\.purple
[2010/08/21 11:56:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AnvSoft
[2010/06/07 11:11:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\app
[2010/05/17 14:07:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Application Data
[2010/12/10 11:59:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Azureus
[2010/12/10 12:06:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\BitTorrent
[2010/06/25 15:11:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Crayon Physics Deluxe
[2010/05/24 14:56:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DNA
[2010/10/29 08:58:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dofus 2
[2010/06/07 11:10:43 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/09/18 12:27:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/06/07 11:11:34 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/10/22 16:06:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\EternalEden
[2010/05/17 13:35:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FOG Downloader
[2010/08/08 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GameTuts
[2010/05/29 08:53:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GetRightToGo
[2010/05/17 09:40:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GrabPro
[2010/08/19 15:32:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ImTOO Software Studio
[2009/04/18 19:14:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\iWin
[2010/09/29 09:20:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ManyCam
[2010/06/09 13:55:36 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NeopleLauncherDFO
[2009/04/10 14:23:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenOffice.org
[2010/12/07 20:16:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Orbit
[2009/05/03 18:46:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PlayFirst
[2010/10/31 19:14:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ProgSense
[2010/08/21 12:01:40 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Red Kawa
[2010/06/07 11:11:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/07/22 20:05:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Regensoft
[2010/10/31 19:49:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\runic games
[2010/09/29 09:25:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Secret of the Solstice
[2010/09/22 15:29:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SystemRequirementsLab
[2010/06/04 13:53:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Turbine
[2009/02/01 20:37:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WildTangent
[2010/12/10 12:04:09 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:661DFA1C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:D06A4C76

< End of report >

**rngrgreen** · 2010-12-10, 18:36

Here is the other one you right neede 2 post to put them up

OTL Extras logfile created on: 12/10/2010 12:21:21 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\owner\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.70 Gb Total Space | 34.10 Gb Free Space | 24.58% Space Free | Partition Type: NTFS
Drive E: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHAWN-WANAMAKER | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C59680-CBDF-42A1-B8A9-B28D304A35EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{196D4CD7-67F7-40A0-95B1-EE6A9D15F2B5}" = lport=138 | protocol=17 | dir=in | app=system |
"{2081AC7F-7969-4CD4-9C11-1943C05150D0}" = lport=139 | protocol=6 | dir=in | app=system |
"{389C24E5-8832-440B-9FFB-3E1BBD989CA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E187A89-4D50-455A-882C-71A98D84AABF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{42ECA6A1-CCED-451E-BD69-BD614EF2883F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{44CE7BA2-E254-4C84-AEA3-C01A88B69AA7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{50994B4B-B840-4CFE-988C-AEAC3FDE27BC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5F60B4E0-2658-4A35-89BA-6B9E9E0F996C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6751CF59-5C07-45A4-A77A-F5151CF5EC82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{684B2906-A442-4916-9FE7-D0E7A36373AE}" = lport=137 | protocol=17 | dir=in | app=system |
"{69DAE553-ED70-497E-9E8E-66441F3C4F4C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{6CF3FAE3-6FE3-48E4-971C-B265A48C4EDA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{75ADAE76-4EF4-4432-BD55-410E286539AA}" = rport=138 | protocol=17 | dir=out | app=system |
"{8F2B886C-45BF-4C98-B3A7-B638A9C58B79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B397058-8DC4-4014-97BD-73F77F16BAB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7AE72E1-2733-40CB-9F9F-B3060DF2CE6E}" = lport=445 | protocol=6 | dir=in | app=system |
"{BC0668D8-034A-4450-A3E1-2842E1B965B7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C561784E-2291-4F45-9D77-6CE47CFB61CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{CDAABB2C-FA9C-4B4E-8168-0B27B50874EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DD33E78B-A54B-4353-9553-429110B73ED2}" = rport=137 | protocol=17 | dir=out | app=system |
"{F211AA16-DF3B-493E-84F1-3EBA01343DBD}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{F4272B86-AC93-4E5E-B19B-2EB1982C46D8}" = rport=445 | protocol=6 | dir=out | app=system |
"{F6EAC78C-855E-4BA6-87E5-8E902377EE31}" = lport=49200 | protocol=6 | dir=in | name=akamai netsession interface |
"{FF052CBA-196A-4D42-98AD-E8C379DE9810}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F1A93B-502C-449E-AA33-4161A25D37DF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0900C973-C49F-4E2D-8B21-3BF503920C34}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{0B8D53F5-564C-47F0-9CB3-DB6D75762D87}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{12CCCEA9-F058-473B-8BFE-886435644901}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\final fantasy xi\toolsus\final fantasy xi config.exe |
"{156EFD44-1592-400D-9415-6E7CC44394B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1723377B-4017-4371-A3E3-B2B08291D1A5}" = protocol=17 | dir=in | app=c:\program files\stormii\storm.exe |
"{212CE7AC-60B3-476E-9B17-53B0D253450B}" = protocol=6 | dir=in | app=c:\program files\squareenix\final fantasy xiv\ffxivboot.exe |
"{2D0F798D-DAF9-422B-9258-9AD564C5FA2F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2F4937F4-1ADB-4AC3-B3CC-C728F4CB5CE1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{321529E6-EAB5-410D-BA6A-6B618B28EF05}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{33A82482-5C01-4CFF-93E1-F517030AD44E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{343A8FF8-C189-47FD-AD8D-3447993FB524}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{358C533F-D578-4E10-8331-FF75B5803D0E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{385F2F44-1752-4D99-B873-633C89673100}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{3A755A0E-7B1E-4755-8AE3-3D75A2860A50}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3B0E8D81-3145-4D78-A942-1CDDC389E1EA}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{450C95C7-F71A-4BF9-8289-BF2C0B9868D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4DCDD217-C7CC-4EA7-B191-B6AF1B86522A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\final fantasy xi\polboot.exe |
"{55F2D62D-33BB-49ED-BC8F-9DA086E2D1EF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\final fantasy xi\toolsus\final fantasy xi config.exe |
"{569D1FF6-86D3-4DB7-96E9-E77324AE5D49}" = protocol=6 | dir=in | app=c:\program files\stormii\stormliv.exe |
"{580B73C8-6C32-4033-A615-B7EECCF5D366}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5BFDCBF2-B1B8-408B-8265-28B156B34D4C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5DE1E07E-0232-4552-842F-567A9C012EF4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{679D0331-03B2-4C5A-A05B-3C89076430D3}" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\aogame.exe |
"{67DE253E-88FB-408D-AFB3-FE4EE53EADD9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69FAB3D6-E45E-4172-A1C2-9E3CE32D3C04}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6B8D3932-71D7-477D-B04D-2CBD42FC8557}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{76BFD47F-91B7-4BF6-A9C3-0435B15444EB}" = protocol=6 | dir=in | app=c:\program files\stormii\storm.exe |
"{791032B1-70E2-4313-BA95-56507D8ABECC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\polcfg\polcfg.exe |
"{7F998E83-D3CA-4150-9693-5078D0584806}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{81874413-243A-4109-B313-086E0D396475}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{826F747A-D68F-4678-A207-3DBDBFB1F07E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{83728C45-CE59-4E7F-B354-D71AEA472349}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{885E9827-7478-41C0-81B6-4D810786BED6}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8F8DFFF6-D128-4C03-A92C-715FA3E7C155}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{95EAA94F-8DEF-43B6-B4F0-93065F706FC7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A51FA3E6-60F2-4C79-AA9B-75612EBC4DC2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{AE42AC6F-C12E-4057-9219-AC7DD2CFEE14}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{AF6B8925-E8C7-48F3-B2D5-82650A077872}" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\aogame.exe |
"{B974CBD5-2124-418F-93B7-E38B68A19790}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B9B992C6-F3A0-48D3-8AD6-B1C7289D0A48}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC3295F1-DF2B-46EE-97DF-DA3AF88CABAA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C7841F2B-E4D7-4108-BFB5-012DE9227AE6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\final fantasy xi\polboot.exe |
"{C9D06CE9-A13D-48DA-A8E3-21B04EA757CF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CD8AC772-24E1-406D-AC94-340ABE20925E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D1AD7E34-9BD0-41E3-AE7F-F2C15E03E987}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D53B8B7E-D3B8-4479-B152-393894654F29}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{DB0257E4-4390-47A5-AC44-6C4A25BF54F3}" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
"{E15E8586-4ABB-4DEC-8CD5-A0D4CCF5C200}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E265BD0A-188F-4255-9F83-28DFD22B5DE1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E463BCA0-B2DA-490E-8AAD-FB3F58787CBF}" = protocol=17 | dir=in | app=c:\program files\stormii\stormliv.exe |
"{E5B55089-C623-4269-9ABE-4FF00660B0CD}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{E91DE1A0-9D0B-4B01-B7BE-6A77DB20280A}" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
"{ED1809A0-3C0B-4B21-BB30-4F3983730379}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\polcfg\polcfg.exe |
"{F3B215A1-F050-4DEE-932D-30EA7D61BEBD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F45B6A6B-95E9-4ED7-900D-36338B9845C3}" = protocol=17 | dir=in | app=c:\program files\squareenix\final fantasy xiv\ffxivboot.exe |
"{FA22F1DA-E272-4F1C-BD7B-AAF97C55FA94}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{02C20BD9-0AC3-42CF-805F-BBEDB738526D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{0AAFBFF1-DE4D-48DE-A9D0-24F2A2BCAB1D}C:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe |
"TCP Query User{0B89EC0E-8070-455F-96EA-0ACD4643B775}C:\nexon\maplestory\localms v88.exe" = protocol=6 | dir=in | app=c:\nexon\maplestory\localms v88.exe |
"TCP Query User{24A5AC76-967F-4073-B2EA-DB5D6D9862E7}C:\users\owner\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\fogdownloader-rom_3_0_1_2153.exe |
"TCP Query User{2F94D875-469C-4F6F-AA27-3B28D5DA5D0B}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{4185CAFC-D973-40B6-A0A9-8ABA6E195FA3}C:\users\owner\downloads\minecraftloader\minecraftloader\minecraftloader.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\minecraftloader\minecraftloader\minecraftloader.exe |
"TCP Query User{56F6FE65-63B2-4B8D-B936-882B2C39A5AA}C:\program files\stormii\storm.exe" = protocol=6 | dir=in | app=c:\program files\stormii\storm.exe |
"TCP Query User{82C87DDD-AD36-4164-A076-90E9FB99DB4E}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{857CDB38-7618-4575-B077-648DE0315101}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{8F8AE8F2-557E-467F-B52C-05BC0C378800}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{9698F34E-D862-4F24-A9A4-F9D4B26BB234}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{97874278-61CE-4E5E-AFCD-02649ABBAA2E}C:\gpotato.com\allods online\bin\launcher.exe" = protocol=6 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
"TCP Query User{9B126C2E-8B8B-48E9-A2DA-CB12A86DDF5E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A837C0F1-6F8E-4C76-AB79-555C71889FCB}C:\users\owner\downloads\minecraftloader\minecraftloader.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\minecraftloader\minecraftloader.exe |
"TCP Query User{DD6EE687-7929-4D77-ABE6-DA3A63EF9EB5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E4A3450F-A31A-47EF-A930-FC2F28E5573F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F8EFDB34-DF6B-4E33-895C-4B1F93672496}C:\nexon\new folder\maplestory\localms v88.exe" = protocol=6 | dir=in | app=c:\nexon\new folder\maplestory\localms v88.exe |
"UDP Query User{1929362A-DEE2-424B-AB32-90FFD6FCEB5D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{21010343-4580-4304-A6FB-AF4AF8F36E4D}C:\program files\stormii\storm.exe" = protocol=17 | dir=in | app=c:\program files\stormii\storm.exe |
"UDP Query User{2FF161DC-C22C-4279-BD7C-9D93AD5A547F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{31C2EC59-6877-4EA7-8C2F-7DB5C283B4A2}C:\users\owner\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{32F1F6AE-1017-4F0F-AE10-2B861297B229}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{3DFB90E7-5271-4EA4-A77C-674F89BE3B30}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{4216BBD3-9965-446B-A2E6-7B9DE57AC83D}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{52956A67-DA28-4FE4-B81C-36B758809FF3}C:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ffxi\squareenix\playonlineviewer\pol.exe |
"UDP Query User{67A47844-5DEF-4550-A759-B1AD46BF93E7}C:\users\owner\downloads\minecraftloader\minecraftloader\minecraftloader.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\minecraftloader\minecraftloader\minecraftloader.exe |
"UDP Query User{69172F0B-91CB-49C5-968F-29D7CAE1A352}C:\users\owner\downloads\minecraftloader\minecraftloader.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\minecraftloader\minecraftloader.exe |
"UDP Query User{6E1B51D7-EA55-4AA3-B59F-028B4213ECB5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{71F05586-F812-40DB-8C0C-AC3D19C63486}C:\nexon\maplestory\localms v88.exe" = protocol=17 | dir=in | app=c:\nexon\maplestory\localms v88.exe |
"UDP Query User{7F394D10-DE71-41AC-A1D4-0D76C73CE664}C:\gpotato.com\allods online\bin\launcher.exe" = protocol=17 | dir=in | app=c:\gpotato.com\allods online\bin\launcher.exe |
"UDP Query User{AE493B62-937E-4264-845E-A9C2955309E0}C:\nexon\new folder\maplestory\localms v88.exe" = protocol=17 | dir=in | app=c:\nexon\new folder\maplestory\localms v88.exe |
"UDP Query User{C8F9F12F-AE7D-4A06-BCDD-9A02AAB55721}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CC6419A7-B5D8-4D70-8722-4A0CF8C543BB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{D4D88C5F-2D41-43E5-A932-A529028A21D9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A4E71A5-643D-4536-B624-995F7E212272}" = WonderKing
"{1b89540f-8f25-406d-82e9-21869e253ffc}" = PS_SF_03_D5400_ProductContext
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{1E7DACA2-C810-40DF-ADAD-BD1C8DB231B9}" = DemonFlyFFv15
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
"{2DDEE1AF-730A-4CE0-90DB-A9EE84B9A959}" = EssenceRO
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{454070F6-2CAF-49DE-84E7-07DC177789FB}" = GPCabal LW
"{45813C0F-04E2-4757-9F64-A6386C169D21}" = D5400_Help
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{4B22DD86-47B1-4454-BFF7-64FCA3D0631C}" = Soul of the Ultimate Nation
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4dd83a18-e502-461e-adfb-a458bd25e45d}" = PS_SF_03_D5400_Software_Min
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{581cae33-36d4-41e1-9673-bceb97763864}" = PS_SF_03_D5400_Software
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{60131BE5-BE4D-4975-9108-DD0BE735890D}" = Xdelta 3.0t
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7C9002E8-E0BE-482F-870C-3449BC817513}" = Aerrevan 5.0
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A738259E-000C-4678-9FD9-FB79D43FB21C}" = Secret of the Solstice
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2670e67-0398-4c53-957f-414d28a758e9}" = D5400
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAE390A5-2864-46b6-BC80-A656A2068CB4}" = HP Photosmart D5400 Printer Driver Software 10.0 Rel .3
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBFD786F-691F-4C63-8F3E-AFE7FE324D88}" = Aion
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E57A2E59-7A17-4CCE-8EC5-4CF0DD41237B}" = Secret of the Solstice
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F1C60F3E-70CF-42BF-8FEC-7B101A8C4868}" = IrisOnline
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.16 beta
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AutoHotkey" = AutoHotkey 1.0.48.05
"AviSynth" = AviSynth 2.5
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX Setup
"DMX5_is1" = DriverMax 5
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Guild Wars" = Guild Wars
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"ImTOO MPEG Encoder Standard" = ImTOO MPEG Encoder Standard
"InstallShield_{1E7DACA2-C810-40DF-ADAD-BD1C8DB231B9}" = DemonFlyFFv15
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Latale GP3.0" = Latale GP
"Mabinogi" = Mabinogi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 4.0b6 (x86 en-US)" = Mozilla Firefox 4.0b6 (x86 en-US)
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"PunkBusterSvc" = PunkBuster Services
"Risk" = Risk
"Runic Games Torchlight" = Torchlight
"Security Task Manager" = Security Task Manager 1.8c
"Shop for HP Supplies" = Shop for HP Supplies
"SpeederXP_is1" = SpeederXP v2.61
"StarCraft II" = StarCraft II
"storm2" = ±©·çÓ°Òô
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tetris Game for Windows_is1" = Tetris Game for Windows 2.5.9
"Videora iPod Converter" = Videora iPod Converter 5.04
"Videora Xbox 360 Converter" = Videora Xbox 360 Converter 5.04
"Vindictus" = Vindictus
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"YInstHelper" = Yahoo! Install Manager
"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AikaOnline" = AikaOnline
"BitTorrent DNA" = DNA
"heRO" = heRO
"LuminaRO Lite Setup 2010-09-12" = LuminaRO Lite Setup 2010-09-12
"NCsoft-Aion" = Aion
"SOE-Free Realms" = Free Realms
"Sparkplayer (Beta)" = Sparkplayer (Beta)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

**rngrgreen** · 2010-12-10, 18:39

I meant to say in the reply I am sorry about posting 2 computers I did not read rules completely. So I wanted to apologize for that and thank you for the help again.

Thread: Laptop multple issue.

Thread Tools

Display

Hybrid View

Laptop multple issue.

Malwarebytes log and OTL

OTL Extras

Sorry

Posting Permissions