dslreports logo
site
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
4
share rss forum feed


Jeffrey
Connoisseur of leisurely things
Premium
join:2002-12-24
Long Island
kudos:3
Reviews:
·voip.ms
·Verizon FiOS
·Vonage
reply to Jeffrey

Re: Is this PC infected?

EXTRAS.TXT

OTL Extras logfile created on: 7/11/2012 9:47:31 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\kim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 45.12% Memory free
7.98 Gb Paging File | 6.00 Gb Available in Paging File | 75.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.72 Gb Total Space | 398.72 Gb Free Space | 87.88% Space Free | Partition Type: NTFS
Drive D: | 11.95 Gb Total Space | 2.17 Gb Free Space | 18.19% Space Free | Partition Type: NTFS

Computer Name: KIM-PC | User Name: kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications)
"C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications)
"C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe" = C:\Program Files (x86)\American Airlines DealFinder\American_Airlines_DealFinder.exe -- (Skinkers Communications)

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0123D01B-9FDB-4D89-9182-7DD0186000EF}" = rport=139 | protocol=6 | dir=out | app=system |
"{1AF780D4-DC33-462D-857C-1158A8B4765E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3187C89F-BE6C-4115-A8E4-59256725AF24}" = rport=445 | protocol=6 | dir=out | app=system |
"{3327741C-E000-4024-B9A1-61B0BF775F15}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38713877-20EB-43E8-9D2E-9D325ADC7A85}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3ACB6018-B801-41CE-BF35-3D6A7B991B33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{496A5525-8B11-4498-87E9-198D01897CA2}" = lport=445 | protocol=6 | dir=in | app=system |
"{543E0CFD-AF41-4D92-9045-B7C67250246E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{658F0FA4-63AD-4F28-BDC2-C1FC692F9430}" = rport=138 | protocol=17 | dir=out | app=system |
"{6B4AFB30-9429-479B-ADA3-A11993504559}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6FBB2945-F8B9-4617-AA0A-56DDEAF2E636}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7034A96B-027D-4B76-A20A-CF96EF7AB826}" = lport=138 | protocol=17 | dir=in | app=system |
"{7B6DBD1E-C3CB-4886-A1B0-F89FD4D1D3ED}" = lport=137 | protocol=17 | dir=in | app=system |
"{7BF04354-CA46-4753-93B8-D659B33B0A39}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A118F8F1-BB60-499F-8749-B2121CF4E0F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF30EA06-52D9-4E96-B520-9899AF0AEF49}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B2B7BB87-83BF-45D7-9ED0-DE06D37B6232}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C5426BD3-FA22-46D4-A188-080175D56FA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CBEF0ED1-0258-4766-BDDF-A6B6F487CCCF}" = rport=137 | protocol=17 | dir=out | app=system |
"{D153C395-D1A8-4CFA-9069-D12A2FF12293}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5FB5BDA-7E8B-43DD-9B9D-D6D5C2E15A81}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D61D9534-B27C-4213-BA1E-16AE94F6262E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F0BCBB61-DFB1-4CAB-B396-0DD412248B58}" = lport=139 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09465775-2867-42A9-935F-C31A01C89643}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{13A9AC43-A5A5-49FE-BF27-2851F5508CB7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{17626CE9-DE35-4555-86EA-9BECBB936462}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1995747A-A66A-4118-AA79-D53B5A615722}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1BAF501C-0C99-4217-BB6F-FB94AC9B9918}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25CC5245-A258-4FFA-96BC-4582E8258371}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{326FA30D-9501-4DD6-A89F-A19EEB058361}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{363E2750-E3FF-4F69-B927-FC104D6CB7E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F512A65-E71B-4455-9964-63DF18393931}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{4065D34D-3CBC-4FD1-B47C-236A970F649D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46A32259-CB4D-46DA-B7A7-D31394591A52}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{473723DE-5F21-4A49-8DDA-BD333B4B43D3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{48B89C30-B9B7-4BE4-89E2-CBC3828750D4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A028820-CCF8-4F1F-8994-EE5D8F611C73}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{4B258193-1DCA-4409-8029-128D912F7A55}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{4BBC4292-49A4-4124-B874-FDC81866C7CE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{586CC949-E695-4BF3-BDC9-660B3A71AEBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5A4BBCA3-C4FB-4AD6-8D03-8B665C1B9D30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5CB216D6-80F9-4567-BF5E-B51AC379B6DC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{5EFC787D-53DB-407C-968D-65EAD107CC94}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{605789A6-2FB7-4A97-994B-7B6DCD0D3876}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62BB38EB-3714-446E-8C98-5F39130DB581}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{65FD7CD5-7EDA-493F-BB5C-BAE64B8EC91E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{7184B98C-BCE4-4415-AE77-829E01FA9198}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E9B213B-5C1B-4625-8E57-1897874680CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{80855AD1-9519-476F-8964-5FE3756097BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8465BFCF-D3B9-4642-9033-9CFE4DC34240}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{85C9FA15-69BD-46B9-A243-3B83CD3B61FD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{88CD7623-3B49-4A66-B2F3-ED64478BEB12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{930B7BD4-711F-4D0D-B36C-620E0FB9C94D}" = protocol=6 | dir=out | app=system |
"{970E5F6C-8F82-4568-99FD-8A5E83BD3D2A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9DDC311C-99D3-411D-B339-AE42437975AB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F252303-670F-4898-9A3F-9C336CA334D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A05ED65F-1B57-40D6-84CA-E849E531EBF8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{B10B035F-5C23-4CB7-887D-D0CD852943F3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA02F517-797F-4F47-9D8B-727370A43F5C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BE4B3CE7-7C5B-416D-890F-647DD0757D4D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{CA1A5CEF-84CC-48BA-9FFA-BD3CF020C4C5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{CBD5BA76-0B38-4CB2-9AA1-4D6B6E8EDC8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD31F8E9-3961-4E8C-AE33-6913C1F30C61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EB32928F-4DF1-4D44-940A-5B6CBDC1909E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{FC63B8ED-AAC5-4DD5-ADAD-50373268EADC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{FFD26CBB-A4CA-48EC-A2B3-3D3B4C9CD5B0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"TCP Query User{2AB5CF94-452E-45C3-873A-3F5177192F5E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{2540F9CC-366B-4374-BAEB-730A48E3D649}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{065717D4-B980-434B-B778-0F14FBDB4AC3}" = Cisco AnyConnect VPN Client
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"Adobe AIR" = Adobe AIR
"American Airlines DealFinder" = American Airlines DealFinder (remove only)
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"Homepage Protection" = Homepage Protection
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"N360" = Norton 360
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"TTB000001.TTB000001Toolbar" = CouponBar
"WildTangent hp Master Uninstall" = HP Games
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 6/25/2012 11:17:34 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4555

Error - 6/25/2012 11:17:35 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/25/2012 11:17:35 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5553

Error - 6/25/2012 11:17:35 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5553

Error - 6/25/2012 11:17:36 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/25/2012 11:17:36 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6552

Error - 6/25/2012 11:17:36 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6552

Error - 6/25/2012 11:17:37 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/25/2012 11:17:37 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7550

Error - 6/25/2012 11:17:37 AM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7550

[ Hewlett-Packard Events ]
Error - 5/13/2012 3:14:40 PM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/16/2012 7:51:13 AM | Computer Name = kim-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 5/16/2012 7:54:31 AM | Computer Name = kim-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 5/16/2012 8:03:15 AM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/16/2012 8:03:15 AM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/21/2012 8:24:08 PM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/21/2012 8:24:09 PM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/27/2012 12:04:03 PM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/27/2012 12:04:03 PM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/3/2012 11:35:52 AM | Computer Name = kim-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 4086 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ System Events ]
Error - 9/5/2011 11:00:52 AM | Computer Name = kim-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 9/6/2011 8:19:11 AM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 9/6/2011 8:20:15 AM | Computer Name = kim-PC | Source = DCOM | ID = 10010
Description =

Error - 9/28/2011 10:48:50 PM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 10/4/2011 8:01:57 AM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/4/2011 8:02:06 AM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/4/2011 8:03:06 AM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 10/15/2011 10:59:37 PM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 10/30/2011 10:32:29 AM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/30/2011 12:51:17 PM | Computer Name = kim-PC | Source = DCOM | ID = 10010
Description =

CHECKUP.TXT

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

Windows Firewall Enabled!
ESET Online Scanner v3
Norton 360
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

Java(TM) 6 Update 26
[color=red]Out of date Java installed![/color]
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

Norton ccSvcHst.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
``````````End of Log````````````

ESET ONLINE SCANNER(FOUND NOTHING)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
--
He used to say that soul shine, is better than sunshine, better than moonshine, damn sure better than rain.

Debunking the 2012 hysteria. | Always looking for a new job | Begging the Wilpons to sell the Mets.