
Thread: Ilivid Root kit issue

  1. #21
    Emeritus | Join Date: Apr 2011 | Location: USA | Posts: 1,038


    Hi,

    We need to go about this another way...

    OTL
    • Download OTL to your desktop.
    • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Select All Users
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under the Custom Scan box paste this in

      netsvcs
      /md5start
      consrv.dll
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      CREATERESTOREPOINT
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

    ----------
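
Added example, not part of the original posts and not OTL's own code: a Python sketch of the check that the `/md5start` ... `/md5stop` block in the post above sets up, assuming its purpose is to list every copy of the named files with an MD5 so a helper can compare them against known-good values. The directory tree, file contents and reference hashes below are constructed for the demo.

```python
import hashlib
import os
import tempfile

# File names from the Custom Scan box in the post above.
TARGETS = ["consrv.dll", "explorer.exe", "winlogon.exe", "Userinit.exe", "svchost.exe"]


def md5_of(path, chunk=65536):
    """Return the hex MD5 of a file, read in chunks so large binaries are fine."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(root, targets=TARGETS):
    """Walk root and return {lowercased name: [(path, md5), ...]} for every copy."""
    wanted = {t.lower() for t in targets}
    found = {name: [] for name in wanted}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            key = fname.lower()  # Windows file names are case-insensitive
            if key in wanted:
                full = os.path.join(dirpath, fname)
                try:
                    found[key].append((full, md5_of(full)))
                except OSError as exc:  # locked/unreadable: report it, don't hide it
                    found[key].append((full, "unreadable: %s" % exc.strerror))
    return found


def classify(found, known_good):
    """Compare each copy against analyst-supplied known-good MD5 sets."""
    report = []
    for name in sorted(found):
        copies = found[name]
        if not copies:
            report.append((name, None, "not found"))
            continue
        good = known_good.get(name, set())
        for path, digest in sorted(copies):
            if digest.startswith("unreadable"):
                verdict = "unreadable"
            elif not good:
                verdict = "no reference"
            elif digest in good:
                verdict = "match"
            else:
                verdict = "MISMATCH"
            report.append((name, path, verdict))
    return report


def build_sample_tree(root):
    """Constructed stand-in for a Windows directory; contents are dummy bytes."""
    layout = {
        "System32/explorer.exe": b"explorer-64",
        "SysWOW64/explorer.exe": b"explorer-32",  # 32/64-bit copies differ legitimately
        "System32/winlogon.exe": b"winlogon",
        "System32/USERINIT.EXE": b"userinit-patched",  # differs from the reference
        "System32/svchost.exe": b"svchost",
        "winsxs/x/svchost.exe": b"svchost",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    """Run the scan over the constructed tree; return (name, relative path, verdict)."""
    ref = lambda data: hashlib.md5(data).hexdigest()
    known_good = {  # constructed reference values, one set per file name
        "explorer.exe": {ref(b"explorer-64"), ref(b"explorer-32")},
        "winlogon.exe": {ref(b"winlogon")},
        "userinit.exe": {ref(b"userinit")},
        "svchost.exe": {ref(b"svchost")},
    }
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        rows = classify(find_copies(root), known_good)
        return [
            (name,
             os.path.relpath(path, root).replace(os.sep, "/") if path else None,
             verdict)
            for name, path, verdict in rows
        ]


if __name__ == "__main__":
    for row in demo():
        print("%-14s %-28s %s" % row)
```

A name can have several legitimate hashes (32-bit and 64-bit copies, different patch levels), which is why the reference is a set per file name and a single differing copy is reported per path rather than per name.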

  2. #22
    Junior Member | Join Date: Sep 2012 | Posts: 21


    On it. Is it OK if I run further tests in safe mode? It's still running slow, but barely tolerable.

    Tx

  3. #23
    Junior Member | Join Date: Sep 2012 | Posts: 21


    OTL logfile created on: 9/26/2012 5:10:15 PM - Run 1
    OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Phil\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 77.09% Memory free
    5.86 Gb Paging File | 5.25 Gb Available in Paging File | 89.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.03 Gb Total Space | 111.42 Gb Free Space | 38.96% Space Free | Partition Type: NTFS
    Drive D: | 11.87 Gb Total Space | 2.00 Gb Free Space | 16.88% Space Free | Partition Type: NTFS
    Drive Z: | 1397.26 Gb Total Space | 660.88 Gb Free Space | 47.30% Space Free | Partition Type: NTFS

    Computer Name: PHILS-HP | User Name: Phil | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Phil\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Nitro PDF\Reader 2\NitroPDFReader.exe (Nitro PDF)
    PRC - C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Nitro PDF\Reader 2\wxbase28u_xml_vc_pro7.dll ()
    MOD - C:\Program Files (x86)\Nitro PDF\Reader 2\wxbase28u_vc_pro7.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (SBAMSvc) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)
    SRV - (SBPIMSvc) -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
    SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (SOURCENEXT)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (dsNcService) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
    SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (91605408) -- C:\Windows\SysNative\drivers\00295725.sys (Kaspersky Lab, GERT)
    DRV:64bit: - (SbFw) -- C:\Windows\SysNative\drivers\SbFw.sys (GFI Software)
    DRV:64bit: - (sbwtis) -- C:\Windows\SysNative\drivers\sbwtis.sys (GFI Software)
    DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software)
    DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
    DRV:64bit: - (SBFWIMCLMP) -- C:\Windows\SysNative\drivers\SbFwIm.sys (GFI Software)
    DRV:64bit: - (SBFWIMCL) -- C:\Windows\SysNative\drivers\SbFwIm.sys (GFI Software)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (cdrbsdrv) -- C:\Windows\SysNative\drivers\cdrbsdrv.sys (B.H.A Corporation)
    DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
    DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
    DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
    DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
    DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
    DRV:64bit: - (dsNcAdpt) -- C:\Windows\SysNative\drivers\dsNcAdpt.sys (Juniper Networks)
    DRV:64bit: - (NETw1v64) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
    DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
    DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
    DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
    DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
    DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
    DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
    DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
    DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
    DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
    DRV:64bit: - (FlyUsb) -- C:\Windows\SysNative\drivers\FlyUsb.sys (LeapFrog)
    DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
    DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Labtec Inc.)
    DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Labtec Inc.)
    DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {403CE8DA-BA42-478B-945D-BCD60FB70B3C}
    IE:64bit: - HKLM\..\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE:64bit: - HKLM\..\SearchScopes\{403CE8DA-BA42-478B-945D-BCD60FB70B3C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    IE - HKLM\..\SearchScopes,DefaultScope = {403CE8DA-BA42-478B-945D-BCD60FB70B3C}
    IE - HKLM\..\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{403CE8DA-BA42-478B-945D-BCD60FB70B3C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B 83 DD 02 2C 1C 26 44 8A A5 9D 1C E0 B8 7D FA [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B 83 DD 02 2C 1C 26 44 8A A5 9D 1C E0 B8 7D FA [binary data]

    IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4B 83 DD 02 2C 1C 26 44 8A A5 9D 1C E0 B8 7D FA [binary data]
    IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\..\SearchScopes,DefaultScope = {222BE4DB-5FBA-41A8-A4F9-EE7EC6894B96}
    IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\..\SearchScopes\{222BE4DB-5FBA-41A8-A4F9-EE7EC6894B96}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\..\SearchScopes\{25A517D5-05F7-47C3-87F9-14862106EE78}: "URL" = http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\..\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\..\SearchScopes\{403CE8DA-BA42-478B-945D-BCD60FB70B3C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\..\SearchScopes\{6CF8F5CD-8449-4933-9121-9AE2C384BF15}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
    IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\..\SearchScopes\{DCF57222-1BA9-4DFC-9DC8-A53410600216}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Phil\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/03 20:05:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 23:17:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/14 10:58:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/03 20:05:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 23:17:01 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/14 10:58:46 | 000,000,000 | ---D | M]

    [2012/08/14 21:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions
    [2012/08/14 21:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2012/05/02 08:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\zerjo7nd.default\extensions
    [2012/04/11 23:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/08/23 10:20:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/09/08 23:17:00 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/03/13 10:30:48 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/09/08 23:16:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/21 11:03:02 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2012/09/08 23:16:56 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
    CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
    CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Phil\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - Extension: Entanglement = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: Skype Click to Call = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
    CHR - Extension: Poppit = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

    O1 HOSTS File: ([2012/09/26 00:17:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - Startup: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2939069197-2136796463-434259497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplug...bootloader.cab (Reg Error: Key error.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductA...eX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductA...eX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/acti..._v1-0-31-0.cab (EPUImageControl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://go.adt.com/dana-cached/sc/Ju...etupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15D81026-D0E5-4267-9482-F2E0D3DF05E1}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    CREATERESTOREPOINT
    Unable to start System Restore Service. Error code 1084

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/26 16:53:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
    [2012/09/26 00:30:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/09/25 22:02:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/25 20:43:56 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/09/21 18:04:28 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\00295725.sys
    [2012/09/21 10:04:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/21 10:04:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/21 10:04:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/21 10:03:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/18 18:05:10 | 004,757,278 | R--- | C] (Swearware) -- C:\Users\Phil\Desktop\ComboFix.exe
    [2012/09/14 00:47:55 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\Malware Logs
    [2012/09/14 00:47:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/09/14 00:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/09/14 00:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2012/09/09 08:36:01 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\HDRsoft Photomatix Pro 4.2.4 (64 bit)
    [2012/09/09 08:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photomatix Pro 4.2
    [2012/09/09 08:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro4
    [2012/09/09 08:35:04 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\HDRsoft
    [2012/09/07 22:25:50 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\Sleep Over
    [2012/09/05 19:41:59 | 000,000,000 | ---D | C] -- C:\Users\Phil\Desktop\School
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/26 16:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
    [2012/09/26 06:50:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/26 06:46:54 | 509,872,361 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/09/26 06:44:22 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/26 03:44:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/26 03:43:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/26 00:17:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/25 23:22:40 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/25 22:49:58 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/25 22:49:58 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/25 19:52:27 | 004,757,278 | R--- | M] (Swearware) -- C:\Users\Phil\Desktop\ComboFix.exe
    [2012/09/24 04:57:52 | 000,660,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/24 04:57:52 | 000,125,688 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/24 04:57:12 | 000,783,732 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/21 18:04:28 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\00295725.sys
    [2012/09/17 12:10:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPhil.job
    [2012/09/14 00:46:46 | 000,001,140 | ---- | M] () -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/09/14 00:46:35 | 000,000,941 | ---- | M] () -- C:\Users\Phil\Desktop\ERUNT.lnk
    [2012/09/14 00:38:09 | 000,019,090 | ---- | M] () -- C:\Windows\SysWow64\FirewallConfig.xml
    [2012/09/09 09:16:24 | 006,193,654 | ---- | M] () -- C:\Users\Phil\Desktop\hdr1.jpg
    [2012/09/08 23:17:08 | 000,002,080 | ---- | M] () -- C:\Users\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/09/07 20:21:16 | 000,000,304 | ---- | M] () -- C:\Users\Phil\Documents\CD Drive - Shortcut.lnk
    [2012/08/29 16:08:18 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/21 10:04:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/21 10:04:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/21 10:04:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/21 10:04:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/21 10:04:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/14 00:46:46 | 000,001,140 | ---- | C] () -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/09/14 00:46:35 | 000,000,941 | ---- | C] () -- C:\Users\Phil\Desktop\ERUNT.lnk
    [2012/09/14 00:38:09 | 000,019,090 | ---- | C] () -- C:\Windows\SysWow64\FirewallConfig.xml
    [2012/09/09 09:16:19 | 006,193,654 | ---- | C] () -- C:\Users\Phil\Desktop\hdr1.jpg
    [2012/09/07 20:21:16 | 000,000,304 | ---- | C] () -- C:\Users\Phil\Documents\CD Drive - Shortcut.lnk
    [2012/08/29 16:08:18 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
    [2012/08/22 22:32:14 | 000,003,584 | ---- | C] () -- C:\Users\Phil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/27 23:39:01 | 000,777,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/09/30 16:50:30 | 000,000,008 | -H-- | C] () -- C:\Users\Phil\AppData\Local\L8457789110
    [2011/06/29 22:41:31 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
    [2011/02/10 00:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
    [2010/12/27 23:15:14 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
    [2010/12/27 23:15:11 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
    [2010/11/25 12:27:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/02/08 23:12:56 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2010/01/03 01:57:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/12/12 02:03:12 | 000,001,024 | ---- | C] () -- C:\Users\Phil\.rnd
    [2009/10/26 04:59:55 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\wbemess.dll

    ========== LOP Check ==========

    [2012/01/12 20:26:48 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\AVG2012
    [2010/12/12 23:16:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\com.Shutterfly.ExpressUploader
    [2012/07/05 11:58:54 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Downloaded Installations
    [2012/08/17 00:39:58 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Dropbox
    [2010/06/06 21:48:37 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Facebook
    [2011/09/30 15:25:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FileMaker
    [2011/09/30 17:07:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FileMaker Pro
    [2010/09/20 23:38:12 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Free MP3 WMA Cutter
    [2012/08/23 23:03:40 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GFI Software
    [2012/09/09 08:35:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\HDRsoft
    [2011/08/11 21:46:15 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\ICAClient
    [2011/12/11 10:26:33 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\JCP
    [2011/10/10 10:32:28 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Juniper Networks
    [2012/09/18 17:39:59 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\MediaMonkey
    [2012/02/10 02:05:09 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Mobipocket
    [2011/09/30 17:51:28 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\net.dacons.mailit
    [2012/08/24 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Nitro PDF
    [2012/06/21 16:38:40 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\OpenCandy
    [2010/08/29 20:37:08 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Pegasys Inc
    [2012/07/24 14:19:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PrimoPDF
    [2010/02/10 11:49:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Southwest Airlines
    [2010/09/12 14:18:39 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\StreamTorrent
    [2012/08/14 21:47:34 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TomTom
    [2009/12/27 12:07:37 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Trillian
    [2010/07/01 22:21:50 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\UB
    [2012/09/21 10:19:02 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\uTorrent
    [2011/01/18 21:53:51 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < MD5 for: EXPLORER.EXE >
    [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 168 bytes -> C:\Users\Phil\Documents\Amex ADT Scan P Russo.jpeg:3or4kl4x13tuuug3Byamue2s4b

    < End of report >

  4. #24
    Junior Member
    Join Date
    Sep 2012
    Posts
    21

    OTL Extras logfile created on: 9/26/2012 5:10:15 PM - Run 1
    OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Phil\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 77.09% Memory free
    5.86 Gb Paging File | 5.25 Gb Available in Paging File | 89.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.03 Gb Total Space | 111.42 Gb Free Space | 38.96% Space Free | Partition Type: NTFS
    Drive D: | 11.87 Gb Total Space | 2.00 Gb Free Space | 16.88% Space Free | Partition Type: NTFS
    Drive Z: | 1397.26 Gb Total Space | 660.88 Gb Free Space | 47.30% Space Free | Partition Type: NTFS

    Computer Name: PHILS-HP | User Name: Phil | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03123E45-E2ED-4C79-AADC-511703992D6C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{057338F1-F267-4BE4-9D3F-630F2BE45CDC}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{0A09B939-F553-4A91-AEA4-B1E708A274A7}" = lport=139 | protocol=6 | dir=in | app=system |
    "{10EA4BB9-694E-4C32-AAB0-D66713652CCD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1896E096-B0E4-4BE4-AB40-F0CB3D1F6CFE}" = lport=138 | protocol=17 | dir=in | app=system |
    "{19E3A565-EEE6-4B85-8F8A-1C728715BE9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{202AE81F-759C-4D1E-8EBF-3D8F11C766A3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{30B8D438-C6B3-4ED0-B11B-693EE0E58591}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{30CC0D67-EABA-40AF-9144-223A9B5FB17C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3C8BA7D5-8AC4-4937-9F81-61CD20EF885F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3F528FAC-A65E-4B35-BC37-172D01BC2AFD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{45ECF997-CE46-4061-8C4C-53C0836428AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{4DA7CF3D-CD2A-475B-96B7-E759BB38EDA0}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{4EF8E9CF-6647-4020-A4A6-32CF0ED4B87C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{4F7F3C8A-11AA-4C13-A3CB-7DEF1BC6697E}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{57EFF873-4F76-45C2-BF9C-1A4DECAE440C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{58B4753D-C17D-4F3E-B162-D118B6E3C08A}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{59991A2F-E52E-4619-9A78-294D46BB1396}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{5BC100F4-9D9E-4600-A9B2-81F12934CED2}" = rport=139 | protocol=6 | dir=out | app=system |
    "{5EFC5DA7-008F-4F3A-9011-CA525B3690A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5F1E9937-3E73-44D9-9F76-53BC5D9B6EB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5FC3C31E-7FCD-4F54-A973-A5DCD086A29D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{6538131D-BE0A-43C1-8615-C952AED71AE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{73817CE2-F63C-4FE1-9139-63A2C8CBE236}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{73C6B4C9-C693-4322-AA0A-A286A9D3468B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{7AE3C2A4-B009-4474-81DD-7C8387372015}" = lport=445 | protocol=6 | dir=in | app=system |
    "{8127ED9C-A9F2-4E44-8372-A84DF7549364}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{84C769CD-FC35-446E-B5FC-24A9B86661B6}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{8B8EBBE3-3471-4435-AE7D-0FA6BB7C3196}" = rport=445 | protocol=6 | dir=out | app=system |
    "{8B910440-CFC3-46F8-B41B-A93F0D8EDA38}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{90E2BF44-4C57-4604-A8B6-75EBD3B36011}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{934A1D7E-6386-4167-886F-B8D28BF90641}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{97A0ED5D-C1CC-4220-AC18-3B39F17E3A2D}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{97C45D46-5198-4B52-B0BA-1B1B348F3A9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{97E360C6-EAD5-40A5-ACA7-E9A6B3B3B6A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9AA6299C-FDC7-486E-BEEE-3D5A3414D8F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A255D4A1-8DC0-4A3D-8E43-BA15EFA8DA7E}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{A3F59156-9797-46A9-BABD-5FC743A1CC83}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A5EC04D6-8046-4E6D-B706-AA9346CDB2F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AC38FCD1-54C7-486B-9839-EA0757927289}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B17DED08-6051-4DB2-93E5-D67452F197E0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B6176B8C-FD48-4241-A884-3B325B460F28}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B854BFEC-182A-4B7A-900F-FC4F88E54BF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C2232AF2-37F7-46CC-A592-016AEED0B4EB}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C67ED727-ED82-4526-851C-CA8D296AFC72}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{CA7F23E8-85AB-41D8-9F91-D078406B8CE3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{CB914F16-FFD0-41A3-B918-CBBADB7402A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{D8C8097D-891F-42E8-B75C-0CF55E2F55EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DD5974B8-23BB-457E-9A54-42E6F1BD49A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EA2C4F78-5F03-4AD7-9980-0C1FFB667CB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F3EA8C60-2949-4C36-A5A7-B91BFD744BA0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FC47B71B-C62D-4F70-AF07-772360D3B67B}" = rport=137 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0ACD0485-B23E-4126-BF15-13EE3C0130E5}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
    "{122E53B5-B220-43CC-96D9-B6CD7A232E05}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{1238728A-C195-4CA0-92C8-6D3BC08774F6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{1D110E90-CEEC-4838-B09F-03ABE601426D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{22C4458B-C9DB-464D-82C3-A1011C4C1A00}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{267FE7E8-DBFE-4D40-9716-F16D93E92CC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{27160DAB-7538-44CF-906B-BB42A08EF2B1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{29F63F2E-0F39-41B2-AA43-0F35A08E0204}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{31B238A5-134B-48FC-89F4-011A84E31036}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3D247EF4-21C3-47DE-AB13-CFB5471D5765}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{57327D1E-04D0-4D22-8F26-7E0D25EA4C38}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{5FCE1ED6-4762-48DF-B2DB-8D5979C342E4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{60C12D5D-E7AC-4709-B221-F33850B2A90C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{60F70342-615E-4520-97E9-628FC45D83DB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{67EF4CF8-0423-4469-B25F-6BD1A62DCBEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6D22C44B-9F56-449F-BD65-C5EFBE4EA221}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{6F04AEA5-F93D-4ECE-B8B6-D45F8509F908}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{6FBD7100-C493-4E61-A954-30909EA7A21D}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
    "{7093FE75-7163-4190-97C7-81FA444F1FAE}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{72F01B13-D106-4990-91E7-103D3D4C1D6E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{788AE2EB-F590-400E-8093-7A0C4A67BDFE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{79413397-D9D5-4B58-92EA-4011B3C118E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7EFA0E56-3CF6-498A-91E6-BCBCB303A6A1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{8CBF58C7-96FD-427C-BB98-A073B12C396C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{8D17DD3F-6AC0-4193-A6E0-71975689BF29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{8F7F1B3A-3037-4B87-B76D-B05EB4DEF418}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{9003AACB-A15C-444B-B9E4-CBB6C735D035}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{98651F2C-EBED-4298-87D6-92A8D580E265}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{99F51C0B-E9D3-4DBE-9D07-451790652185}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{9B1A2B12-D71E-4177-B61D-6D397CB98A20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9B800873-EBC4-491B-B788-B96B8953C38F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{9C88CB6B-4651-4F69-B51F-10CFA08A36E4}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{9D782111-4477-4CE5-8719-8B94C8707193}" = protocol=17 | dir=in | app=c:\users\phil\appdata\roaming\dropbox\bin\dropbox.exe |
    "{9DB9895E-D3B2-4CA9-AD66-4C4784CED197}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{9EAD6D61-38B3-4A20-B0AC-2F2503649750}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A31D37A6-01A6-4449-9D1C-99D8A42DA528}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{B1FF5577-792F-435C-B1E9-CA8E615000D5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{BD653740-B0B1-490D-B972-F343235F4D4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{C29C1AB0-F21A-497A-BF17-1BC5758E0F93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CB16CC33-583F-4493-89C8-D4FE469561EE}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{D0820041-6DCD-41F5-AB0F-5D8CC8C013E6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{D8D6D6A1-C884-4924-9A56-6603A26E71D3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{D8E1FA86-B500-4AED-8A83-314FE63031FF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{D948A11A-C3D0-45D4-BE0B-7F8541EDDCE4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DC3E693E-E047-400B-99DA-FC6A03F08BD8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{E0596DE9-CF2A-4F25-9DAF-9AEDBA2B9D1C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{E3B8216A-862A-4676-BB51-CBDFDBCD5A0C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E43AF255-FA35-48CC-B26D-433B52C2EE76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{E46CBD96-A6A4-4A14-A64C-34F59ADEF020}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{E715E800-FD77-4F02-AB93-74CA87D73E4A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{E79B7ED9-5C6B-4952-8E77-DDC9B63E2263}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{E91B0C4E-FEBA-458D-80AB-572A6DF5C916}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EAEE4665-E148-45D7-BCAA-1732300DA826}" = protocol=6 | dir=out | app=system |
    "{F1539AAE-57BF-406C-8CFA-B8B45165E4BD}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{F361C805-8327-4C57-88C8-57A2E428D3E7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{F3C1C604-E18C-4F6F-982E-9ED62AE0C7CC}" = protocol=6 | dir=in | app=c:\users\phil\appdata\roaming\dropbox\bin\dropbox.exe |
    "{F5187853-2E29-4E11-977C-DB264351A5E7}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{F98DEF3E-8CC0-4851-AC2F-F7A4A6F052B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FD853605-8727-4244-B5E6-BF1C5F6A06DE}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
    "{FE0FC3B6-C910-4B27-86DE-2A639FDB4DD3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FF020194-7EC9-4880-B65A-C67B58784D8F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6C87223E-0EE1-4703-9789-2C986D860B20}" = Nitro Reader 2
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "PhotomatixPro42x64_is1" = Photomatix Pro version 4.2.4
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
    "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
    "{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
    "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
    "{83BF64AF-208C-4D29-AD00-971A8FFC59F8}" = VIPRE Internet Security
    "{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A055FB62-CF73-4839-AD83-122ABCB92418}" = LeapFrog Tag Junior Plugin
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A4D77A09-10EA-4574-8C09-9B6E1A21C95F}" = Virus Guard - powered by BitDefender
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
    "{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Internet Security
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{D7D38949-8251-4F07-BC2C-AA767308010B}" = TMPGEnc Authoring Works 4
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EACCC991-8E8C-4397-8854-349506741FC9}" = FileMaker Pro 11
    "{EACCC991-8E8C-4397-8854-349506741FC9}_FileMaker" = FileMaker Pro 11
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
    "CloneDVD2" = CloneDVD2
    "com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "Foxit PDF Editor" = Foxit PDF Editor
    "Free MP3 WMA Cutter_is1" = Free MP3 WMA Cutter 3.7.2.1
    "gBurner" = gBurner
    "Google Chrome" = Google Chrome
    "Homepage Protection" = Homepage Protection
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
    "MediaMonkey_is1" = MediaMonkey 4.0
    "Movie DVD Maker_is1" = Movie DVD Maker 2.8.0526
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Nero8Lite_is1" = Nero 8 Micro 8.3.2.1
    "PokerStars.net" = PokerStars.net
    "PowerISO" = PowerISO
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "StreamTorrent 1.0" = StreamTorrent 1.0
    "TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
    "Trillian" = Trillian
    "UPCShell" = LeapFrog Connect
    "uTorrent" = µTorrent
    "Veetle TV" = Veetle TV 0.9.17
    "VLC media player" = VLC media player 2.0.1
    "WildTangent hp Master Uninstall" = HP Games
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2939069197-2136796463-434259497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Facebook Plug-In" = Facebook Plug-In
    "Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "UB" = UB

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/23/2012 5:42:03 AM | Computer Name = Phils-HP | Source = Application Error | ID = 1005
    Description = Windows cannot access the file for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on,
    or the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program GFI Software Anti Malware Service because of this error. Program:
    GFI Software Anti Malware Service File: The error value is listed in the Additional
    Data section. User Action 1. Open the file again. This situation might be a temporary
    problem that corrects itself when the program runs again. 2. If the file still cannot
    be accessed and - It is on the network, your network administrator should verify
    that there is not a problem with the network and that the server can be contacted.
    -
    It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
    disk is fully inserted into the computer. 3. Check and repair the file system by
    running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
    OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
    persists, restore the file from a backup copy. 5. Determine whether other files
    on the same disk can be opened. If not, the disk might be damaged. If it is a hard
    disk, contact your administrator or computer hardware vendor for further assistance.

    Additional
    Data Error value: C0000185 Disk type: 0

    Error - 9/23/2012 4:15:29 PM | Computer Name = Phils-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: chrome.exe, version: 21.0.1180.89, time
    stamp: 0x503ebf10 Faulting module name: chrome.dll, version: 21.0.1180.89, time
    stamp: 0x503ebeca Exception code: 0xc0000006 Fault offset: 0x00e5c35c Faulting process
    id: 0x308 Faulting application start time: 0x01cd99b07795832d Faulting application
    path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
    path: C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\chrome.dll Report
    Id: 6af968a6-05bb-11e2-97b7-001f16edfac7

    Error - 9/23/2012 4:15:42 PM | Computer Name = Phils-HP | Source = Application Error | ID = 1005
    Description = Windows cannot access the file C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\chrome.dll
    for one of the following reasons: there is a problem with the network connection,
    the disk that the file is stored on, or the storage drivers installed on this computer;
    or the disk is missing. Windows closed the program Google Chrome because of this
    error. Program: Google Chrome File: C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\chrome.dll

    The
    error value is listed in the Additional Data section. User Action 1. Open the file
    again. This situation might be a temporary problem that corrects itself when the
    program runs again. 2. If the file still cannot be accessed and - It is on the network,
    your
    network administrator should verify that there is not a problem with the network
    and that the server can be contacted. - It is on a removable disk, for example,
    a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3.
    Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
    click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
    and then press ENTER. 4. If the problem persists, restore the file from a backup
    copy. 5. Determine whether other files on the same disk can be opened. If not, the
    disk might be damaged. If it is a hard disk, contact your administrator or computer
    hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
    type: 3

    Error - 9/23/2012 4:20:03 PM | Computer Name = Phils-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_MpsSvc, version: 6.1.7600.16385,
    time stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000006 Fault offset: 0x000000000002676f
    Faulting
    process id: 0x53c Faulting application start time: 0x01cd99afeb9dc8e2 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 0e04661e-05bc-11e2-97b7-001f16edfac7

    Error - 9/23/2012 4:20:03 PM | Computer Name = Phils-HP | Source = Application Error | ID = 1005
    Description = Windows cannot access the file for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on,
    or the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program Host Process for Windows Services because of this error. Program:
    Host Process for Windows Services File: The error value is listed in the Additional
    Data section. User Action 1. Open the file again. This situation might be a temporary
    problem that corrects itself when the program runs again. 2. If the file still cannot
    be accessed and - It is on the network, your network administrator should verify
    that there is not a problem with the network and that the server can be contacted.
    -
    It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
    disk is fully inserted into the computer. 3. Check and repair the file system by
    running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
    OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
    persists, restore the file from a backup copy. 5. Determine whether other files
    on the same disk can be opened. If not, the disk might be damaged. If it is a hard
    disk, contact your administrator or computer hardware vendor for further assistance.

    Additional
    Data Error value: C0000185 Disk type: 0

    Error - 9/24/2012 4:08:57 AM | Computer Name = Phils-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
    time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514,
    time stamp: 0x4ce7c9db Exception code: 0xc0000006 Fault offset: 0x000000000002f6d0
    Faulting
    process id: 0x3f0 Faulting application start time: 0x01cd99afe12f00ef Faulting application
    path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
    Report
    Id: 163a61f4-061f-11e2-97b7-001f16edfac7

    Error - 9/24/2012 4:08:57 AM | Computer Name = Phils-HP | Source = Application Error | ID = 1005
    Description = Windows cannot access the file for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on,
    or the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program Host Process for Windows Services because of this error. Program:
    Host Process for Windows Services File: The error value is listed in the Additional
    Data section. User Action 1. Open the file again. This situation might be a temporary
    problem that corrects itself when the program runs again. 2. If the file still cannot
    be accessed and - It is on the network, your network administrator should verify
    that there is not a problem with the network and that the server can be contacted.
    -
    It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
    disk is fully inserted into the computer. 3. Check and repair the file system by
    running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
    OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
    persists, restore the file from a backup copy. 5. Determine whether other files
    on the same disk can be opened. If not, the disk might be damaged. If it is a hard
    disk, contact your administrator or computer hardware vendor for further assistance.

    Additional
    Data Error value: C0000185 Disk type: 0

    Error - 9/25/2012 8:47:17 PM | Computer Name = Phils-HP | Source = VSS | ID = 18
    Description =

    Error - 9/25/2012 8:47:17 PM | Computer Name = Phils-HP | Source = VSS | ID = 8193
    Description =

    Error - 9/25/2012 8:47:17 PM | Computer Name = Phils-HP | Source = System Restore | ID = 8193
    Description =

    [ Hewlett-Packard Events ]
    Error - 2/10/2010 5:37:49 PM | Computer Name = Phils-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 2/10/2010 5:37:50 PM | Computer Name = Phils-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 5/27/2010 6:05:12 PM | Computer Name = Phils-HP | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

    [ System Events ]
    Error - 9/26/2012 6:32:58 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 9/26/2012 6:32:58 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 9/26/2012 6:32:58 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 9/26/2012 6:33:46 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 9/26/2012 6:33:46 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 9/26/2012 6:33:46 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 9/26/2012 6:33:55 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Provider
    Host service which failed to start because of the following error: %%1068

    Error - 9/26/2012 6:33:56 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 9/26/2012 6:33:56 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 9/26/2012 6:33:56 PM | Computer Name = Phils-HP | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068


    < End of report >

  5. #25
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    I see a lot of errors on your system that could be causing your problems.

    First open an elevated command prompt > Click Start and type cmd in Start Search.
    When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

    Copy the contents of the code box > right click in the command window and select paste >> Press Enter (do one line at a time if there is more than one)
    Code:
    chkdsk /r
    Accept any prompts that are shown.
    Reboot your system when done and let me know if that helped at all.

  6. #26
    Junior Member
    Join Date
    Sep 2012
    Posts
    21

    Default

    Thanks Jeff. I really appreciate you taking this much time out for a total stranger. I owe you a beer at the very least.

    It said this volume is in use by another process. Do you want to perform this function the next time you restart?

    I chose Y and rebooted.

  7. #27
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Yep...I was expecting that. When the scan completes let me know and also if that helped your system along at all.

    If you have your Windows disk please get that as well as we may be using it too.

  8. #28
    Junior Member
    Join Date
    Sep 2012
    Posts
    21

    Default

    It rebooted and ran chkdsk fairly quickly. Get this - it said the volume was clean. That's a relief!

    Now it's taking its usual 8 minutes to start up.

    At some point do I just format and reinstall Win7?

  9. #29
    Junior Member
    Join Date
    Sep 2012
    Posts
    21

    Default

    "failed to connect to a windows service. windows could not connect to the system event notification service..."

  10. #30
    Junior Member
    Join Date
    Sep 2012
    Posts
    21

    Default

    It booted to Windows but it's still doggin.

    Tried to run winamp after a reboot and so far I have been waiting 2 minutes or so.
