GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


wuauclt.exe

2 posters

descriptionwuauclt.exe Emptywuauclt.exe27th February 2010, 9:24 am

more_horiz
I have a really nasty virus that keeps bringing up an error message that says "Application cannot be executed. The file wuauclt.exe is infected. Do you want to activate your antivirus software now?" This error keeps popping up pretty continuously and sometimes I get an error message saying that a different file is infected. I also won't really let me install any new programs and won't even let me run system restore. Any help would be appreciated.

descriptionwuauclt.exe EmptyRe: wuauclt.exe27th February 2010, 8:09 pm

more_horiz
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

descriptionwuauclt.exe EmptyRe: wuauclt.exe27th February 2010, 8:45 pm

more_horiz
OTL logfile created on: 2/27/2010 12:37:08 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\Mowry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.62 Gb Total Space | 163.03 Gb Free Space | 54.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOWRY-PC
Current User Name: Mowry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/27 12:32:43 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Mowry\Desktop\OTL(4).exe
PRC - [2010/02/26 02:08:59 | 000,278,784 | ---- | M] () -- C:\Users\Mowry\AppData\Local\pmbuwk\ymdlsftav.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/12/14 13:56:15 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/11 10:30:09 | 002,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2009/10/24 21:30:04 | 003,005,952 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe
PRC - [2009/08/20 10:47:54 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/20 10:47:50 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2009/08/20 10:47:40 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2009/06/22 09:24:44 | 000,715,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2009/06/22 09:24:44 | 000,446,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2009/05/29 10:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/18 21:23:16 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aim6.exe
PRC - [2009/03/02 18:16:04 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/11/06 09:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aolsoftware.exe
PRC - [2008/11/02 23:55:23 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2008/02/14 11:08:30 | 000,184,320 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2008/01/22 10:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/12/25 13:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/13 19:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2007/10/25 16:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/10/23 16:27:16 | 000,066,928 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/09/28 16:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/02/27 12:32:43 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Mowry\Desktop\OTL(4).exe
MOD - [2008/01/20 18:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 18:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/22 19:16:46 | 000,660,256 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/17 15:29:48 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2007/12/03 16:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 16:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2007/10/08 13:59:06 | 001,334,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2007/10/08 13:28:44 | 000,856,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2010/02/03 17:28:08 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/10/24 21:30:04 | 003,005,952 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2009/08/20 10:47:50 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/20 10:47:40 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/06/22 09:24:44 | 000,715,400 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/05/29 10:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/02 23:55:23 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2008/07/27 10:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/01/21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/12/25 13:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/10/23 16:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 16:06:42 | 000,168,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 17:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/03/12 02:35:02 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 05:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/08/28 18:42:52 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/20 10:47:58 | 000,033,416 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/08/20 10:47:55 | 000,427,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 11:47:25 | 000,133,640 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2008/06/16 06:10:28 | 000,030,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV:64bit: - [2008/02/21 09:24:20 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/02/14 14:56:14 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/21 14:42:26 | 000,531,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/01/20 18:47:27 | 000,168,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2008/01/20 18:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 18:46:51 | 000,017,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/12/20 15:10:50 | 000,028,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/12/06 18:12:56 | 000,320,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 13:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/29 22:03:32 | 000,384,024 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/09/26 05:19:08 | 003,196,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel(R)
DRV:64bit: - [2007/09/13 13:27:10 | 007,041,312 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/07/27 18:45:52 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 19:33:54 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/11/19 22:11:06 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/08 22:34:00 | 000,237,568 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/08 22:33:00 | 000,248,320 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/11/01 21:28:10 | 000,273,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/10/23 16:33:08 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/10/19 12:10:40 | 000,027,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV - [2008/06/16 06:10:28 | 000,010,664 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\AegisP.cat -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2006/09/18 13:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 13:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.GeekPolice.net/virus-spyware-malware-removal-f11/wuaucltexe-t19732.htm"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2009/12/21 16:28:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/18 12:47:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/18 12:47:05 | 000,000,000 | ---D | M]

[2009/09/27 19:52:28 | 000,000,000 | ---D | M] -- C:\Users\Mowry\AppData\Roaming\Mozilla\Extensions
[2009/09/27 19:52:28 | 000,000,000 | ---D | M] -- C:\Users\Mowry\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/27 01:19:05 | 000,000,000 | ---D | M] -- C:\Users\Mowry\AppData\Roaming\Mozilla\Firefox\Profiles\yvxb79ik.default\extensions
[2008/09/21 17:27:29 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\Mowry\AppData\Roaming\Mozilla\Firefox\Profiles\yvxb79ik.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2008/08/23 14:07:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/06/17 22:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/04/16 09:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 13:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Aim6] C:\Program Files (x86)\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [exoyeuyj] C:\Users\Mowry\AppData\Local\pmbuwk\ymdlsftav.exe ()
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} https://technology.lls.edu/pcsecurity/webinst-vista32.cab (WebBasedClientInstall Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Mowry\Pictures\Los Angeles\la-winter-skyline.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mowry\Pictures\Los Angeles\la-winter-skyline.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b54fe5ab-5d03-11dd-a342-00215c29efa9}\Shell - "" = AutoRun
O33 - MountPoints2\{b54fe5ab-5d03-11dd-a342-00215c29efa9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/27 12:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Gosu
[2010/02/27 12:32:20 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Users\Mowry\Desktop\OTL(4).exe
[2010/02/27 01:03:42 | 000,000,000 | ---D | C] -- C:\Users\Mowry\AppData\Roaming\Malwarebytes
[2010/02/27 01:03:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/02/27 01:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/02/27 01:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/27 01:01:21 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/02/27 00:44:45 | 000,000,000 | ---D | C] -- C:\Users\Mowry\Desktop\Delete
[2010/02/26 02:57:22 | 000,000,000 | ---D | C] -- C:\Users\Mowry\AppData\Roaming\AVG8
[2010/02/26 02:09:21 | 000,000,000 | ---D | C] -- C:\Users\Mowry\AppData\Local\pmbuwk
[2010/02/23 11:52:24 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/23 11:52:24 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/23 11:52:20 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/23 11:52:20 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/23 11:52:20 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/23 11:52:20 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/23 11:52:19 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/02/23 11:52:19 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/23 11:52:19 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/09 21:41:52 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/02/09 21:41:52 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2010/02/09 21:41:52 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/02/09 21:41:52 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/02/09 21:41:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avicap32.dll
[2010/02/09 21:17:20 | 000,000,000 | ---D | C] -- C:\Users\Mowry\AppData\Roaming\Move Networks
[2010/02/06 20:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Domination
[2010/02/03 17:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/02/03 17:28:08 | 000,000,000 | ---D | C] -- C:\Users\Mowry\AppData\Local\Google
[2010/02/03 17:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/03 17:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/03 17:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/02/03 17:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[1996/11/18 00:00:00 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\Implode.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Mowry\AppData\Local\*.tmp files -> C:\Users\Mowry\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/27 12:43:39 | 003,670,016 | -HS- | M] () -- C:\Users\Mowry\ntuser.dat
[2010/02/27 12:42:51 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/27 12:42:51 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/27 12:42:51 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/27 12:39:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/27 12:36:15 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5D5DA5CC-3667-4CEC-B688-8A785702F470}.job
[2010/02/27 12:35:56 | 000,002,353 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2010/02/27 12:35:55 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/27 12:35:55 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/27 12:35:55 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/27 12:35:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/27 12:35:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/27 12:35:46 | 4284,436,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/27 12:33:52 | 000,524,288 | -HS- | M] () -- C:\Users\Mowry\ntuser.dat{3f456591-042f-11de-9069-00215c29efa9}.TMContainer00000000000000000001.regtrans-ms
[2010/02/27 12:33:52 | 000,065,536 | -HS- | M] () -- C:\Users\Mowry\ntuser.dat{3f456591-042f-11de-9069-00215c29efa9}.TM.blf
[2010/02/27 12:33:42 | 003,467,763 | -H-- | M] () -- C:\Users\Mowry\AppData\Local\IconCache.db
[2010/02/27 12:32:43 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Mowry\Desktop\OTL(4).exe
[2010/02/27 12:22:37 | 056,305,693 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/02/27 01:03:41 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/27 00:56:59 | 003,874,379 | ---- | M] () -- C:\Users\Mowry\Desktop\ComboFix.exe
[2010/02/25 19:29:22 | 000,002,651 | ---- | M] () -- C:\Users\Mowry\Desktop\Microsoft Office Word 2007.lnk
[2010/02/24 09:30:09 | 000,113,184 | ---- | M] () -- C:\Users\Mowry\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/24 09:29:00 | 000,403,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/02/24 00:41:41 | 000,002,609 | ---- | M] () -- C:\Users\Mowry\Desktop\Microsoft Office Excel 2007.lnk
[2010/02/23 04:02:47 | 000,141,312 | ---- | M] () -- C:\Users\Mowry\Documents\Top Movies.xls
[2010/02/21 14:52:54 | 000,018,594 | ---- | M] () -- C:\Users\Mowry\Documents\Ryan Mowry Stats.xlsx
[2010/02/21 01:44:58 | 000,008,540 | ---- | M] () -- C:\Users\Mowry\Documents\Team Creator Calculator.xlsx
[2010/02/20 05:37:46 | 000,011,630 | ---- | M] () -- C:\Users\Mowry\Documents\Coach Winning Percentages.xlsx
[2010/02/20 05:30:18 | 000,011,880 | ---- | M] () -- C:\Users\Mowry\Documents\Future Conference.xlsx
[2010/02/20 00:21:46 | 000,030,450 | ---- | M] () -- C:\Users\Mowry\Documents\Recruiting.xlsx
[2010/02/18 16:24:02 | 000,065,214 | ---- | M] () -- C:\Users\Mowry\Documents\Movie Inventory.xlsx
[2010/02/12 03:36:12 | 000,017,619 | ---- | M] () -- C:\Users\Mowry\Documents\Music Career.xlsx
[2010/02/11 18:33:39 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/02/08 18:18:21 | 000,191,488 | ---- | M] () -- C:\Users\Mowry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/07 22:38:31 | 000,010,162 | ---- | M] () -- C:\Users\Mowry\Documents\Stuff to Do.docx
[2010/02/06 21:33:21 | 000,008,671 | ---- | M] () -- C:\Users\Mowry\Documents\The Practice.xlsx
[2010/02/03 17:30:24 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 17:26:16 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/29 15:52:05 | 000,015,491 | ---- | M] () -- C:\Users\Mowry\Documents\Homicide Neighborhoods.xlsx
[2010/01/28 18:20:36 | 000,010,297 | ---- | M] () -- C:\Users\Mowry\Documents\Cite Check 2.docx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Mowry\AppData\Local\*.tmp files -> C:\Users\Mowry\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/27 01:03:41 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/27 01:03:37 | 000,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/02/27 00:56:44 | 003,874,379 | ---- | C] () -- C:\Users\Mowry\Desktop\ComboFix.exe
[2010/02/23 11:52:43 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/02/23 11:52:27 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2010/02/23 11:52:26 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/23 11:52:21 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/23 11:52:20 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2010/02/23 11:52:20 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/23 11:52:20 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/23 11:52:19 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2010/02/23 11:52:19 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/23 11:52:19 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/21 01:44:58 | 000,008,540 | ---- | C] () -- C:\Users\Mowry\Documents\Team Creator Calculator.xlsx
[2010/02/20 05:30:10 | 000,011,880 | ---- | C] () -- C:\Users\Mowry\Documents\Future Conference.xlsx
[2010/02/11 00:48:06 | 000,017,619 | ---- | C] () -- C:\Users\Mowry\Documents\Music Career.xlsx
[2010/02/09 21:41:53 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/02/09 21:41:52 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2010/02/09 21:41:52 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2010/02/09 21:41:52 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2010/02/09 21:41:52 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2010/02/09 21:41:52 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2010/02/09 21:41:52 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2010/02/09 21:41:51 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2010/02/09 21:41:51 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2010/02/09 21:41:51 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2010/02/09 21:41:46 | 000,464,384 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/02/09 21:41:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2010/02/09 21:41:45 | 000,273,408 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/02/09 21:41:45 | 000,134,656 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/02/09 21:41:19 | 001,418,840 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/02/09 21:41:15 | 004,691,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/02/07 22:34:56 | 000,010,162 | ---- | C] () -- C:\Users\Mowry\Documents\Stuff to Do.docx
[2010/02/06 21:02:37 | 000,008,671 | ---- | C] () -- C:\Users\Mowry\Documents\The Practice.xlsx
[2010/02/03 17:30:55 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/02/03 17:30:24 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/03 17:28:20 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/03 17:28:19 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/03 17:26:16 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/29 04:06:36 | 000,015,491 | ---- | C] () -- C:\Users\Mowry\Documents\Homicide Neighborhoods.xlsx
[2010/01/28 17:34:40 | 000,010,297 | ---- | C] () -- C:\Users\Mowry\Documents\Cite Check 2.docx
[2010/01/23 04:13:04 | 000,337,428 | ---- | C] () -- C:\Users\Mowry\AppData\Local\dd_SharedManagementObjects_MSI7B19.txt
[2010/01/23 04:13:02 | 000,172,188 | ---- | C] () -- C:\Users\Mowry\AppData\Local\dd_SQLSysClrTypes_msi7B12.txt
[2010/01/23 04:13:00 | 000,321,612 | ---- | C] () -- C:\Users\Mowry\AppData\Local\dd_SQLCEToolsForVS2007_MSI7B0C.txt
[2010/01/23 04:12:57 | 000,398,156 | ---- | C] () -- C:\Users\Mowry\AppData\Local\dd_SSCERuntime_MSI7B02.txt
[2010/01/23 04:09:14 | 011,347,928 | ---- | C] () -- C:\Users\Mowry\AppData\Local\VSMsiLog782A.txt
[2010/01/23 04:09:06 | 000,200,292 | ---- | C] () -- C:\Users\Mowry\AppData\Local\dd_WinSDK_Win32ExpTools_x64_MSI780F.txt
[2010/01/23 04:08:57 | 000,213,720 | ---- | C] () -- C:\Users\Mowry\AppData\Local\dd_WinSDK_ExpTools_x64_MSI77F2.txt
[2010/01/23 04:08:50 | 001,227,964 | ---- | C] () -- C:\Users\Mowry\AppData\Local\dd_ExpRemoteDbg_x64_MSI77DB.txt
[2010/01/23 04:08:36 | 000,408,398 | ---- | C] () -- C:\Users\Mowry\AppData\Local\dd_VC_Red_MSI77AD.txt
[2010/01/23 03:58:37 | 000,116,913 | ---- | C] () -- C:\Users\Mowry\AppData\Local\dd_depcheck_VB_EXP_90.txt
[2010/01/23 03:58:32 | 000,372,610 | ---- | C] () -- C:\Users\Mowry\AppData\Local\dd_install_vb_xcor_90.txt
[2010/01/23 03:58:32 | 000,005,912 | ---- | C] () -- C:\Users\Mowry\AppData\Local\uxeventlog.txt
[2010/01/23 03:58:32 | 000,000,002 | ---- | C] () -- C:\Users\Mowry\AppData\Local\dd_error_vb_xcor_90.txt
[2008/11/02 23:55:24 | 000,002,353 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2008/11/02 23:55:23 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2008/09/23 15:02:59 | 000,000,297 | ---- | C] () -- C:\Windows\MP3trt.ini
[2008/09/23 14:09:07 | 000,001,028 | ---- | C] () -- C:\Users\Mowry\AppData\Roaming\WavCodec.wff
[2008/09/17 22:05:12 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/09/15 19:32:23 | 000,000,018 | ---- | C] () -- C:\Users\Mowry\AppData\Local\msesbucf.txt
[2008/09/12 08:25:50 | 000,005,864 | ---- | C] () -- C:\Users\Mowry\AppData\Local\d3d9caps.dat
[2008/09/01 03:22:01 | 000,191,488 | ---- | C] () -- C:\Users\Mowry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/24 22:27:06 | 000,000,365 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/08/05 13:18:13 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\imsispd.dll
[2008/08/05 13:18:13 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DGRip.dll
[2008/08/05 13:18:08 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\imslevel.dll
[2008/07/28 11:24:30 | 000,000,014 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2008/02/15 03:19:35 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/15 02:19:35 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/02/15 02:19:35 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/02/15 02:19:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/02/15 02:19:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/02/15 02:19:35 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/02/15 02:19:35 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/12/21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2007/09/13 13:25:52 | 001,238,832 | ---- | C] () -- C:\Windows\SysWow64\igmedkrn.dll
[2007/09/13 13:25:52 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2005/08/10 10:56:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\ESxUtil.dll
[2005/07/22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll
[2004/01/12 22:53:52 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[1996/11/18 00:00:00 | 000,748,160 | ---- | C] () -- C:\Windows\SysWow64\Co2c40en.dll
[1996/11/18 00:00:00 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\P2sodbc.dll
[1996/11/18 00:00:00 | 000,054,272 | ---- | C] () -- C:\Windows\SysWow64\P2irdao.dll
[1996/11/18 00:00:00 | 000,050,176 | ---- | C] () -- C:\Windows\SysWow64\P2ctdao.dll
[1996/11/18 00:00:00 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\P2bbnd.dll
[1996/05/25 16:00:00 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\fxtls432.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\MySportsbook Poker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\BetUSPoker:MID
< End of report >

descriptionwuauclt.exe EmptyRe: wuauclt.exe27th February 2010, 8:46 pm

more_horiz
OTL Extras logfile created on: 2/27/2010 12:37:08 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\Mowry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.62 Gb Total Space | 163.03 Gb Free Space | 54.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOWRY-PC
Current User Name: Mowry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"C:\Program Files (x86)\ExamSoft\SofTest\SoftLnch.exe" = C:\Program Files (x86)\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch
-- File not found
"C:\Program Files (x86)\ExamSoft\SofTest\softest.exe" = C:\Program Files (x86)\ExamSoft\SofTest.exe:*:Enabled:SofTest
-- File not found
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"C:\Program Files (x86)\ExamSoft\SofTest\SoftLnch.exe" = C:\Program Files (x86)\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch
-- File not found
"C:\Program Files (x86)\ExamSoft\SofTest\softest.exe" = C:\Program Files (x86)\ExamSoft\SofTest.exe:*:Enabled:SofTest
-- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CFFEB6F-D9F7-4D8F-B5C6-10655FC41691}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{395965AB-9598-4299-8746-5DEACD652053}" = lport=10243 | protocol=6 | dir=in | app=system |
"{44C39E11-4277-4960-B87D-8422C23B9AA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7CFFC17B-AA29-4B85-B080-37E3F81068FF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9A1EE0EA-A771-4D5F-82DC-D3A0F272015E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDB5A118-01F6-4403-813A-D60E206AA676}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D60E075D-7734-4356-80A7-4B292DD9F700}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC01F982-BF0C-4E34-AA92-3DC1D675B209}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB8C0CC4-D463-401F-8965-5CAF7EA80F90}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC91A116-C3F4-441E-A982-61BE64DF7384}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CB23DCA-780D-4409-8C83-3D30AF6E8D6C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{15DF3444-2E05-42C8-9515-826D1F0BA0D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{18F26D3A-AF35-4EE4-AC27-4D7579EC3780}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{1DC3F726-E7A3-4CD7-A70F-609700CA2D97}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2CB63EF0-9259-40A7-954B-8AD1305B898C}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{2CF8765F-1F72-4EC4-A072-B6DB5BF2C9C5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3100C7B0-025C-41B2-9F89-151E9A60E3EB}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
"{329BC070-6E1B-4B6E-AEA7-3D3619C63E74}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35004185-C53E-41E2-9E60-E36CAD6C4340}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3C77AA39-899A-47EE-8283-AA9FF57BF448}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4492CAC6-82CF-4D15-8FA9-C21F60E490AF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{465645B1-215A-4840-9268-43ADF724B5DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C6E2FD7-071E-4007-8063-8827B43D2E7C}" = protocol=6 | dir=in | app=c:\program files (x86)\ruckus player\ruckus.exe |
"{5424019E-DCB2-40F9-80C5-727F344BD6AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5817D8DC-DCF4-4C61-BF94-9B3F51BDC055}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{581FC982-4C79-45E0-B5E9-C73BB53BCDF9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5BF0B089-312E-486E-84EA-0180AD05B66E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{65A7A7FB-A9EE-42AB-819F-9A091D567D99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{699414C3-2E49-49FB-A931-259C32D79B2F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6BE4E6B1-4E3B-44DE-B674-89D47162A1DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71CA8A34-79F5-48BF-89C4-D207948EEF50}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{774DAAD7-57E4-4767-BCD6-2AE2EA366CA4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{7EBA350B-6664-476F-ACFC-F55C04CCC3A1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{86B90048-286E-4C2B-9F51-FD1CE1010B7B}" = protocol=17 | dir=in | app=c:\program files (x86)\ruckus player\ruckus.exe |
"{8EFB5546-2A96-4154-A72B-34ED16F3788F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{90BD5DB5-2738-457B-9133-CAB79D79CAFD}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{9F22694C-58D0-42C1-B092-783E394A6D29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9FE8730C-78A8-4A68-B6BB-7F4F8951D586}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
"{A2779BA4-C7D7-456B-AACD-BF1618306ED8}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{A687DB2A-5274-4238-8716-4478FD58D79A}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{AC9BEB40-BFE6-4D3F-9BF2-3D42BB161E47}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B09BA098-EB5D-4283-9D4A-298B1549BEF4}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B44F2BFB-208B-4F6C-8ED8-6847D0174AA9}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{BC9198A0-6DCC-4426-84FA-17B9E61653B9}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\mediamallserver.exe |
"{C12722F7-7535-42A2-9E24-3F4185A1E84C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C173F3F4-45E5-41F7-ACD8-FF2865150CE4}" = protocol=6 | dir=out | app=system |
"{C895783C-20C7-4A63-9255-9AA37308A92B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1C498D6-63D7-4EE7-B3B9-B4E0293DB6F6}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{D32AF1FC-DE5D-457A-9206-DC9D72901624}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E6048F44-2210-44BE-A55F-2F9DDBAFB27B}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E9D1F75F-52DF-4DB7-9FF6-27149AB37A61}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{EA609156-27EB-4F36-8B2D-6D533C1DBC4E}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{F4F3CA40-3855-4E43-96B8-DFDF8128E5C1}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{F8DB6734-9042-4887-854B-65FF93A0941C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{076B3FBE-34BA-425A-8ACA-2B79230E8DA2}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{13128EAE-5761-42E1-9A96-86EF792786C5}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{292DADBC-0E37-4385-BC57-DF3E8A59827A}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{42785CA2-033F-42F2-8C8C-F55A3A927070}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{62ADE580-7106-441D-8BDC-9A04FEAC4FE5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{724EF39E-8273-4E5D-B435-74A2956F4FAA}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{8393F2AE-2699-4A1C-82B0-8835DA6ABA32}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{867360A4-A7B6-47F8-8D88-8E1DF652BD16}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{8B0B8D6C-4EEB-4CA3-B6E8-E92818508176}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{98E901DC-54F2-4B28-AFC8-1984EEE17503}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{9C03C782-7777-4B27-B1D6-C81F3C9A049E}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{DBAF34AA-23F4-4AE2-BFD8-4FEE3A0CE68F}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{E57E7D33-D311-49C0-8B86-D70197D187BF}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{EC7D66F8-496E-43CC-8EF0-44F1332CA637}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{1A6B705E-1E9C-4814-ADCC-B49B1A439D06}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{200D9E98-0641-4C85-ACFD-CD51B2B5981F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{22A4013F-223E-4F66-ACEC-7771A124624F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{3FF83FCA-7CAD-47E2-9F05-2A6D3766B07B}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{54C8591B-3B66-4A5B-8ED2-C3EEE4DACB62}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{6CF7449F-C28C-4B5A-93CB-ACAD8213DDD9}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{6DD28037-5A32-4258-87B0-ADE6B96478EA}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{997F867E-0E39-4826-9642-68FDFFD04191}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{B9FC64FA-51A8-419E-80FD-8CB6E7ACDEB4}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{D3F3F50C-4AD8-4F56-B327-3C6CC7456FC4}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{DD122265-AD8D-4DED-A739-7E9410984FB2}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{E0CA5134-F6C0-48C8-9305-2AD9164883C4}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{E77E281F-9452-4ECA-9D79-0AAB357B896F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{FA3DECD7-F1BB-4111-BDF1-AB74C1144575}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{39107B20-EA1C-4974-881C-607300BB3C99}" = MobileMe Control Panel
"{5BFB956C-3AB9-492A-9E91-5D8C87DCC599}" = Paint.NET v3.5.1
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel®️ Matrix Storage Manager
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{9C7AB2D0-7768-4708-B9DA-6C1F44C9833A}" = mCPlug
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Driver Software 9.0.A Corporate Edition
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"ProInst" = Intel(R) PROSet/Wireless Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{37581790-832B-11DD-72AE-0F2A7B382CD6}" = Football Mogul 2009 Demo
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3AE76A6A-DE52-4920-9814-905CA5551C2D}" = Cisco NAC Agent
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E1ECEEC-814C-4B53-9E08-9B1F2FA83434}" = Easy MP3 Sound Recorder 2.01
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{53B2F7DC-FC5F-43C2-BCF3-A06BD267138C}" = SofTest
"{5706E362-3161-46F1-A89A-61739E637EB1}" = FM Tuner Utility
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7D6AEC60-8017-11DD-153C-06F2EFF512DB}" = Football Mogul 2009
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC6D5EAF-D314-4f47-8951-42CF14CB7316}" = dj_aio_corporate
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C87D9E1D-A919-4FCD-98FE-692193937D06}" = The Political Machine 2008
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FBD20D8D-3E6E-485D-B09C-EB5346241D49}" = PlayOn
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AVG8Uninstall" = AVG Free 8.5
"BetUS Poker" = BetUS Poker
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Draft Day Sports: College Basketball" = Draft Day Sports: College Basketball
"False Flesh 1.00" = False Flesh 1.00
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"Free Sound Recorder" = Free Sound Recorder
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder Toolbar3.02" = Freecorder Toolbar 3.02 Application
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Impulse" = Impulse
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"intelliScore Polyphonic WAV to MIDI Converter Demo" = intelliScore Polyphonic WAV to MIDI Converter Demo
"LimeWire" = LimeWire 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MySportsbookPoker" = MySportsbook Poker
"Out of the Park Baseball9" = Out of the Park Baseball 9
"Oval Office_is1" = Oval Office
"PDF Splitter and Merger 3.0" = PDF Splitter and Merger 3.0
"PokerStars" = PokerStars
"RealPlayer 12.0" = RealPlayer
"Ruckus Player" = Ruckus Player
"SopCast" = SopCast 3.0.3
"StreamTorrent 1.0" = Stream Torrent 1.0
"Switch" = Switch Sound File Converter
"TallStick TS-AudioToMIDI 3.20" = TallStick TS-AudioToMIDI 3.20 (remove only)
"TallStick TS-AudioToMIDI 3.30" = TallStick TS-AudioToMIDI 3.30 (remove only)
"The Political Machine 2008" = The Political Machine 2008
"ToneGen" = NCH Tone Generator
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"WavePad" = WavePad Sound Editor
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ESPN Java Check" = ESPN Java Check
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

descriptionwuauclt.exe EmptyRe: wuauclt.exe27th February 2010, 8:50 pm

more_horiz
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/02/26 02:08:59 | 000,278,784 | ---- | M] () -- C:\Users\Mowry\AppData\Local\pmbuwk\ymdlsftav.exe
    O4 - HKCU..\Run: [exoyeuyj] C:\Users\Mowry\AppData\Local\pmbuwk\ymdlsftav.exe ()
    [2010/02/26 02:09:21 | 000,000,000 | ---D | C] -- C:\Users\Mowry\AppData\Local\pmbuwk
    [2010/02/27 00:56:44 | 003,874,379 | ---- | C] () -- C:\Users\Mowry\Desktop\ComboFix.exe



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

descriptionwuauclt.exe EmptyRe: wuauclt.exe27th February 2010, 9:29 pm

more_horiz
========== OTL ==========
Process ymdlsftav.exe killed successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\exoyeuyj deleted successfully.
C:\Users\Mowry\AppData\Local\pmbuwk\ymdlsftav.exe moved successfully.
C:\Users\Mowry\AppData\Local\pmbuwk folder moved successfully.
C:\Users\Mowry\Desktop\ComboFix.exe moved successfully.

OTL by OldTimer - Version 3.1.30.3 log created on 02272010_132808

descriptionwuauclt.exe EmptyRe: wuauclt.exe28th February 2010, 1:13 am

more_horiz
Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    Java(TM) 6 Update 3
    LimeWire 5.2.13
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

descriptionwuauclt.exe EmptyRe: wuauclt.exe

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum