dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
share rss forum feed


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

1 recommendation

reply to vzDE

Re: Spamming issue - Logs Included

There are still some items that need removing but I want to know if there is an Add/Remove Programs entry for them.

I need the OTL Extras log to check for the uninstallers. It's only produced on the first run, but we can force it.

Start OTL, in the Extra Registry section, select 'Use Safelist', the run the scan.

Post both the new OTL log and the Extras log in this thread (attach as needed)
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


vzDE

join:2006-11-23
Newark, DE

downloadOTL.Txt 82,632 bytesdownloadExtras.Txt 52,610 bytes
Thanks for waiting, just got back to the in-law's house. Due to file size otl.txt and extras.txt are attached.


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:57
Reviews:
·Comcast

OTL logfile created on: 6/14/2012 11:56:06 AM - Run 7
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Ron\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 53.90% Memory free
5.96 Gb Paging File | 4.74 Gb Available in Paging File | 79.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.43 Gb Total Space | 194.93 Gb Free Space | 68.05% Space Free | Partition Type: NTFS
Drive D: | 11.66 Gb Total Space | 1.58 Gb Free Space | 13.51% Space Free | Partition Type: NTFS
Drive J: | 15.01 Gb Total Space | 12.84 Gb Free Space | 85.51% Space Free | Partition Type: FAT32

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/05/31 09:34:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL.exe
PRC - [2011/11/28 14:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 03:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012/05/31 18:19:32 | 004,050,944 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll
MOD - [2012/05/31 18:19:32 | 000,100,864 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - [2012/05/04 18:56:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/18 14:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/01/20 22:25:11 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008/01/20 22:24:20 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\AFE2.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011/11/28 13:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 13:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 13:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 13:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 13:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 13:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/04/11 00:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2008/09/27 02:51:00 | 007,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/26 06:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/09/10 08:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 08:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/04 07:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/08/01 08:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/21 12:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 12:12:22 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 05:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:26 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:23 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2008/01/20 22:23:20 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008/01/20 22:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008/01/20 22:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/20 22:23:03 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/20 22:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/01/20 22:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/01/20 22:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/20 22:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008/01/20 22:23:00 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/20 22:23:00 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 22:23:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/01/20 22:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2006/11/02 05:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptb=24DEA250-F94D-4F89-85CF-084826AC4C2C&ind=2012021914&ptnrS=ZXxdm039YYus&si=radiopi&n=77ed049a&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{256DBC0A-6867-4511-B430-96D26BA7A778}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AA2BE316-DC4D-4562-BB53-A9DCF6897679}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptb=24DEA250-F94D-4F89-85CF-084826AC4C2C&ind=2012021914&ptnrS=ZXxdm039YYus&si=radiopi&n=77ed049a&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{256DBC0A-6867-4511-B430-96D26BA7A778}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=5A255C6001CABBF5016D549C&install_time=2010-03-04T23:49:35Z&src_id=11076&camp_id=-3&tb_version=2.5.9000.490
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en
IE - HKCU\..\SearchScopes\{AA2BE316-DC4D-4562-BB53-A9DCF6897679}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/home/?search={searchTerms}&loc=search_box
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\firefox\ File not found
FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4jffxtbr@RadioRage_4j.com: C:\Program Files\RadioRage_4j\bar\1.bin [2012/05/31 13:15:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/09 16:38:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/09 16:38:49 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/01/20 13:12:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (RadioRage) - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files\RadioRage_4j\bar\1.bin\4jbar.dll File not found
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (RadioRage) - {78BA36C9-6036-482B-B48D-ECCA6F964B84} - C:\Program Files\RadioRage_4j\bar\1.bin\4jbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0674107A-2CD4-4F44-868E-9E5F828F0DC8}: DhcpNameServer = 192.168.1.1 71.242.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\horizon.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\horizon.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/06/14 10:56:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL.exe
[2012/06/13 03:01:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/13 03:01:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/13 03:01:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/13 03:01:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/13 03:01:13 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/13 03:01:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/13 03:01:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/12 22:54:23 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/05 10:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/06/05 10:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/05/31 15:13:55 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/31 15:08:57 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\QuickScan
[2012/05/31 12:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/05/18 07:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/18 07:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/06/14 11:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/14 11:28:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 11:28:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 11:26:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/14 11:18:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-758517520-4224873453-800305309-1000UA.job
[2012/06/14 10:36:02 | 000,604,268 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 10:36:01 | 000,103,968 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/13 20:26:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/13 15:18:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-758517520-4224873453-800305309-1000Core.job
[2012/06/13 03:28:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/13 03:27:57 | 000,326,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 03:26:03 | 3085,414,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 19:04:52 | 002,640,568 | ---- | M] () -- C:\Users\Ron\Desktop\IMG_0168.JPG
[2012/06/11 21:21:25 | 000,002,034 | ---- | M] () -- C:\Users\Ron\Desktop\Google Chrome.lnk
[2012/06/11 21:21:25 | 000,001,996 | ---- | M] () -- C:\Users\Ron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/09 12:11:38 | 002,702,844 | ---- | M] () -- C:\Users\Ron\Desktop\IMG_0164.JPG
[2012/06/09 11:32:42 | 002,510,414 | ---- | M] () -- C:\Users\Ron\Desktop\IMG_0156.JPG
[2012/06/09 10:56:44 | 002,491,171 | ---- | M] () -- C:\Users\Ron\Desktop\IMG_0149.JPG
[2012/06/09 10:52:28 | 001,934,715 | ---- | M] () -- C:\Users\Ron\Desktop\IMG_0145.JPG
[2012/06/09 10:52:08 | 002,073,360 | ---- | M] () -- C:\Users\Ron\Desktop\IMG_0144.JPG
[2012/05/31 15:24:31 | 000,002,034 | ---- | M] () -- C:\Users\Ron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/05/31 09:34:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL.exe
[2012/05/17 18:45:37 | 001,800,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/05/17 18:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/05/17 18:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/05/17 18:31:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/05/17 18:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/05/17 18:24:45 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/05/17 18:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/05/15 15:51:08 | 002,045,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/06/12 21:24:55 | 002,640,568 | ---- | C] () -- C:\Users\Ron\Desktop\IMG_0168.JPG
[2012/06/10 20:19:22 | 001,934,715 | ---- | C] () -- C:\Users\Ron\Desktop\IMG_0145.JPG
[2012/06/10 20:17:28 | 002,510,414 | ---- | C] () -- C:\Users\Ron\Desktop\IMG_0156.JPG
[2012/06/10 20:15:54 | 002,491,171 | ---- | C] () -- C:\Users\Ron\Desktop\IMG_0149.JPG
[2012/06/10 20:14:34 | 002,702,844 | ---- | C] () -- C:\Users\Ron\Desktop\IMG_0164.JPG
[2012/06/10 20:11:00 | 002,073,360 | ---- | C] () -- C:\Users\Ron\Desktop\IMG_0144.JPG
[2012/05/31 15:24:31 | 000,002,034 | ---- | C] () -- C:\Users\Ron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/05/31 15:13:57 | 000,002,034 | ---- | C] () -- C:\Users\Ron\Desktop\Google Chrome.lnk
[2012/05/31 15:13:57 | 000,001,996 | ---- | C] () -- C:\Users\Ron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/31 15:13:24 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-758517520-4224873453-800305309-1000UA.job
[2012/05/31 15:13:23 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-758517520-4224873453-800305309-1000Core.job
[2012/05/09 16:32:05 | 000,207,281 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012/05/09 15:55:03 | 000,207,523 | ---- | C] () -- C:\Windows\hpwins28.dat.temp
[2012/05/09 15:55:03 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2012/01/26 12:46:51 | 000,000,288 | ---- | C] () -- C:\Users\Ron\AppData\Roaming\.backup.dm

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:57
Reviews:
·Comcast

OTL Extras logfile created on: 6/14/2012 11:56:06 AM - Run 7
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Ron\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 53.90% Memory free
5.96 Gb Paging File | 4.74 Gb Available in Paging File | 79.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.43 Gb Total Space | 194.93 Gb Free Space | 68.05% Space Free | Partition Type: NTFS
Drive D: | 11.66 Gb Total Space | 1.58 Gb Free Space | 13.51% Space Free | Partition Type: NTFS
Drive J: | 15.01 Gb Total Space | 12.84 Gb Free Space | 85.51% Space Free | Partition Type: FAT32

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-758517520-4224873453-800305309-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-758517520-4224873453-800305309-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009BAC30-DED2-47E0-A1FD-D5FFDD4BC0A4}" = rport=139 | protocol=6 | dir=out | app=system |
"{12BC1C90-92BC-4FBE-A3E8-BDACB7720922}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D03213B-E8DA-4966-9601-FFB28E4C6134}" = lport=445 | protocol=6 | dir=in | app=system |
"{20F9E85A-D479-4771-A377-1C2600C0A7C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23717150-DB57-4E5A-9264-661CC674D4EE}" = rport=138 | protocol=17 | dir=out | app=system |
"{2FA104BF-686C-42BB-A96E-1EB368BE163A}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{3176F239-F6C1-4526-8E65-CEB4150BE83D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{334E105B-5F7E-43DE-813B-85F6DF781D96}" = lport=2869 | protocol=6 | dir=in | app=system |
"{40562FDA-C22F-42B0-8350-2033EB444F71}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41991003-9551-4CF4-AC47-62F196709FE6}" = rport=445 | protocol=6 | dir=out | app=system |
"{5DE73741-5AE7-4C3B-8559-7CA2B7A6E681}" = lport=10243 | protocol=6 | dir=in | app=system |
"{674CE4E8-D77A-4141-A77D-C15003C7D6FD}" = lport=137 | protocol=17 | dir=in | app=system |
"{67F28240-C59B-45F4-ABE2-E0536918523C}" = rport=137 | protocol=17 | dir=out | app=system |
"{7800D0FF-147C-4A74-878D-5776DEA423AC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84FBE3E1-3AA3-4C42-A660-D96C6EEB63D0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{914FF7BA-1AB0-4A8D-A3A5-DE21D0325C6D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A7157FCF-FC5C-4C52-BCEB-2CE7DB5F28C3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C8390940-0A3C-4346-B03D-1452087767F0}" = lport=139 | protocol=6 | dir=in | app=system |
"{D1883401-D35D-4DDF-8A3C-1588A2F1625C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E47FB57B-EADB-4208-9DF6-9125AB62F1F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B2C171-DFE1-4149-A219-F3D954C8413C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{09115D7D-93B9-45C7-B3A3-4C061EB3DF38}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{14A1C168-D169-4E3E-9939-45BF058048E1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{16295E9A-10FD-44A0-A305-77B68836F304}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{1855F1AD-A3E2-493D-8B4B-A3AD7214942A}" = dir=in | app=e:\setup\hpznui01.exe |
"{187C8F01-8CC7-445D-8CF4-3EBF853777A8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{1AF35E71-7A1D-47ED-B4B6-460CEF55A015}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{23A5EE76-A761-4C46-B7B2-9D5C5308D19F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{2E04A711-6400-4852-A9A6-EF334E9D5A83}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{3A6EDA17-6893-41CC-BC2E-519145F48B7B}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{3ACDC5F9-444C-42CB-841D-56395D59A419}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{3C8BFCC2-1720-4A8F-A9CA-B3063DBE95FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3ED01A3F-7DAA-4BA2-B9A9-3C8F4314B558}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{4C7CE8BA-787D-4A55-8BC6-F9EEA9A0FA75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50381C56-3C26-4DE6-B5E9-2AD213D208A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{536FF840-4829-4DFE-8BCF-B59569857E28}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{5526BB26-B29E-4012-9FB1-6FF7F3CEAAF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{57003204-5661-4A44-86BC-D82B784CB343}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{57F41B62-C301-4A56-834B-41DE02A74945}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5DEFBEC8-250F-459D-8F09-57748C541C60}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{5E32E0A0-E8CF-405D-9D67-66122ECA3607}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{5E6E4FC4-64FF-4761-AFFB-1448093B08DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{60C44C34-05B8-4720-9DAA-C699D2584AEE}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{68DE31BA-8AB7-493A-806A-2DC46FC04D7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A31F05F-4F4F-4E6E-819A-362C3716679D}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{6DDAB1AF-DAD1-4442-BFFB-BD77930482A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{6E457987-3D3C-4651-BAD4-88ED98E99C56}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{70601D97-D0F8-4371-9261-49D20066F3D7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{75C4DF0A-863F-4B6C-835E-0567D0E949C3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7682CC10-F410-4A12-A27D-8E4A5C3CC390}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D89D8CA-7F5C-4106-A98D-A08BE42114E2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7D9C1CE4-9741-4790-B99A-88B8053472F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FB5C4B4-3DDD-4301-B6E1-9D4A3BFC7A9D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{820F5079-39A4-4743-80FF-4C4963E6D19F}" = protocol=6 | dir=out | app=system |
"{83728A66-CE6A-400B-AEFF-B2F717C6CAEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87DACD06-5F67-4878-A3BE-703FFE2FED87}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{896C66E8-1205-48BD-8B96-0DF63D971F0C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{8C4B5994-824D-438A-821F-FADC61F1841A}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{A2120952-E198-451B-B3E4-83CE239808EE}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{A77DF239-FCB2-4747-824F-C0C65F26846F}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{A89355CA-092A-40E7-BF13-14030092BEF9}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{ADC7EBF4-9567-4C50-BFE2-6A57FC71ED24}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AEAC3628-FF8C-4895-ABA9-582E825148EE}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{AF0B70C6-77B5-4927-B0E9-DC3242DF4C29}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B8523CDC-0B05-40AB-ABAF-83F6498BFEF3}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{CA9CC10D-8953-4E5B-90FE-AD26BB8761BE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{D210531B-7FF1-4FD2-A537-E33040717145}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D545FF71-560A-4E7E-BBA7-A85E5354E059}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D58968CA-279B-4792-BC30-E497960C4849}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9B1730D-B92F-4426-A016-676A07AB942F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF13D418-B70B-4098-BD3B-822C6C737280}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E0EB8AA7-DF40-4EE4-AB3C-44E5E5B5DD68}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FC995787-7E55-4D53-A97A-B2A6C9578E4A}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{FD0C3760-113D-4A18-9B86-74EA012D0856}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"TCP Query User{15FD9A94-0B4B-4FBD-840A-97681AABE978}C:\program files\wildgames\bicycle texas hold em\bicyclepoker.exe" = protocol=6 | dir=in | app=c:\program files\wildgames\bicycle texas hold em\bicyclepoker.exe |
"TCP Query User{1729F97C-EA1A-4AD2-97E3-15D451381CB9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{AC0BC883-581F-4353-969F-D151A07FFC20}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E4297AB1-CB67-4E44-A056-B4051CE57CBE}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{9E3F47C9-41EF-4759-8CA2-CFDFFCB7F409}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{DCC47CF1-ED33-4BCA-BD3E-60221086FA99}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{F9B8B3CC-2436-48C6-9E97-CE8D4261E924}C:\program files\wildgames\bicycle texas hold em\bicyclepoker.exe" = protocol=17 | dir=in | app=c:\program files\wildgames\bicycle texas hold em\bicyclepoker.exe |
"UDP Query User{FCD6E6F1-7653-427B-85CE-C44F72231574}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{13BBBB38-22D8-4BF1-80CA-7D54152C2980}" = WebSlingPlayer ActiveX
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{49EB3B4F-E42C-4F0A-8C28-4205F891DF85}" = TouchCopy 09
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2016015-8323-4AF8-8B3E-F56239D7D59D}" = HP Demo
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ESET Online Scanner" = ESET Online Scanner v3
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MediaWidget - Easy iPod Transfer_is1" = MediaWidget 6.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"StreamTorrent 1.0" = StreamTorrent 1.0
"TTB000001.TTB000001Toolbar" = CouponBar
"Veetle TV" = Veetle TV
"WildTangent hp Master Uninstall" = HP Games
"WTA-91ea5710-b151-4306-9838-73b5b330b7cd" = Bicycle Texas Hold 'em

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 5/28/2012 10:33:16 AM | Computer Name = Ron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/28/2012 10:33:16 AM | Computer Name = Ron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/28/2012 10:33:16 AM | Computer Name = Ron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/28/2012 10:33:53 AM | Computer Name = Ron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/28/2012 10:33:54 AM | Computer Name = Ron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/28/2012 10:33:55 AM | Computer Name = Ron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/28/2012 7:54:34 PM | Computer Name = Ron-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2012 11:16:38 AM | Computer Name = Ron-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2012 1:17:29 PM | Computer Name = Ron-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2012 3:24:41 PM | Computer Name = Ron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 5/31/2012 1:17:29 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/5/2012 11:38:29 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/5/2012 11:38:29 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/5/2012 11:38:29 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/9/2012 7:36:57 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/9/2012 7:36:57 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/9/2012 7:36:57 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/13/2012 3:29:04 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/13/2012 3:29:04 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/13/2012 3:29:04 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description =

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~