[USFBULLS]

I have windows vista and it is a fairly new computer but seems to be moving very slow. there are also times where i go to close out a window in internet explorer and i get that same window opening like 60 times before I just shut the computer down. A friend told me to come here and said you guys were a huge help to him.

Thanks. Here is the log from SUPERAntiSpyware. I dont know if i have a bunch of unnecessary files or viruses but it took almost 4 hours to complete a full scan.

I am willing to do other scans using programs that you recommend to get this fixed.

Thanks


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/06/2010 at 09:07 PM

Application Version : 4.40.1002

Core Rules Database Version : 5163
Trace Rules Database Version: 2975

Scan type : Complete Scan
Total Scan Time : 03:59:12

Memory items scanned : 519
Memory threats detected : 0
Registry items scanned : 13394
Registry threats detected : 0
File items scanned : 196989
File threats detected : 107

Adware.Flash Tracking Cookie
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\BANNERFARM.ACE.ADVERTISING.COM
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\BEACONS.HOTTRAFFIC.NL
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\ACVS.MEDIAONENETWORK.NET
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\BROADCAST.PIXIMEDIA.FR
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\MEDIA.MTVNSERVICES.COM
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\MEDIA.NATIONALSAFETYCOMMISSION.COM
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\MEDIA.RESULTHOST.ORG
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\MEDIA.SCANSCOUT.COM
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\MEDIA.TATTOMEDIA.COM
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\MEDIA1.BREAK.COM
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\WDW1.WDPROMEDIA.COM
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\INTERCLICK.COM
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\UDN.SPECIFICCLICK.NET
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\EC.ATDMT.COM
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\CDN1.EYEWONDER.COM
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\M1.2MDN.NET
C:\Users\McGuire\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L5BSCAZ4\SECURE-US.IMRWORLDWIDE.COM

Adware.Tracking Cookie
acvs.mediaonenetwork.net [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
bannerfarm.ace.advertising.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
beacons.hottraffic.nl [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
broadcast.piximedia.fr [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
cdn1.eyewonder.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
cdn4.specificclick.net [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
core.insightexpressai.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
ec.atdmt.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
interclick.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
m1.2mdn.net [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
macromedia.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
media.mtvnservices.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
media.nationalsafetycommission.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
media.resulthost.org [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
media.scanscout.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
media.tattomedia.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
media.thewb.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
media01.kyte.tv [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
media1.break.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
secure-us.imrworldwide.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
spe.atdmt.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
udn.specificclick.net [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
wdw1.wdpromedia.com [ C:\Users\McGuire\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L5BSCAZ4 ]
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@247realmedia[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@2o7[2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@adbrite[2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@adecn[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@adinterax[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@advertising[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@apmebf[2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@atdmt[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@bluestreak[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@casalemedia[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@collective-media[2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@doubleclick[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@edgeadx[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@eyewonder[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@fastclick[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@hitbox[2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@imrworldwide[2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@insightexpressai[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@interclick[2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@invitemedia[2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@kontera[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@liveperson[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@liveperson[3].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@media6degrees[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@mediafire[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@mediaplex[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@overture[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@pointroll[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@questionmarket[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@realmedia[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@revsci[2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@ru4[2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@serving-sys[2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@specificclick[2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@specificmedia[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@statcounter[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@tacoda[2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@trafficmp[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@tribalfusion[1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@yieldmanager[2].txt
C:\Users\McGuire\AppData\Roaming\Microsoft\Windows\Cookies\Low\mcguire@zedo[2].txt

[Advertisements]

Hi, USFBULLS! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just incase you are unable to access this site.

Please note:

• I am currently in training, so my replies will need to be quickly checked before I post them to you, so there may be a small delay in between.
• Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
• Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.

OK, lets start


Lets run a couple of tools which will give me more info and help track down any malware, if present


Please do the following steps...


1)
OTL Custom Scan

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top, make sure Standard Output is selected.
• Tick the Lop Check and Purity Check boxes.
• Copy and Paste the following into the Custom Scans/Fixes box at the bottom.
  
  netsvcs
  drivers32 /all
  %SYSTEMDRIVE%\*.*
  %systemroot%\system32\*.wt
  %systemroot%\system32\*.ruy
  %systemroot%\Fonts\*.com
  %systemroot%\Fonts\*.dll
  %systemroot%\Fonts\*.ini
  %systemroot%\Fonts\*.ini2
  %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
  %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
  %systemroot%\REPAIR\*.bak1
  %systemroot%\REPAIR\*.ini
  %systemroot%\system32\*.jpg
  %systemroot%\*.scr
  %systemroot%\*._sy
  %APPDATA%\Adobe\Update\*.*
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\user32.dll /md5
  %systemroot%\system32\ws2_32.dll /md5
  %systemroot%\system32\ws2help.dll /md5
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

2)
GMER Rootkit Scanner

• GMER Rootkit Scanner - Download - Homepage
• Download GMER
• Extract the contents of the zipped file to desktop.
• Double click GMER.exe.
  
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
• IAT/EAT
• Drives/Partition other than Systemdrive (typically C:\)
• Show All (don't miss this one)
  
  Click the image to enlarge it

• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.

**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.


In your next reply
Please post the contents of...
OTL log
GMER log

[BlackOxide]

Hi, USFBULLS! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just incase you are unable to access this site.

Please note:

• I am currently in training, so my replies will need to be quickly checked before I post them to you, so there may be a small delay in between.
• Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
• Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.

OK, lets start


Lets run a couple of tools which will give me more info and help track down any malware, if present


Please do the following steps...


1)
OTL Custom Scan

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top, make sure Standard Output is selected.
• Tick the Lop Check and Purity Check boxes.
• Copy and Paste the following into the Custom Scans/Fixes box at the bottom.
  
  netsvcs
  drivers32 /all
  %SYSTEMDRIVE%\*.*
  %systemroot%\system32\*.wt
  %systemroot%\system32\*.ruy
  %systemroot%\Fonts\*.com
  %systemroot%\Fonts\*.dll
  %systemroot%\Fonts\*.ini
  %systemroot%\Fonts\*.ini2
  %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
  %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
  %systemroot%\REPAIR\*.bak1
  %systemroot%\REPAIR\*.ini
  %systemroot%\system32\*.jpg
  %systemroot%\*.scr
  %systemroot%\*._sy
  %APPDATA%\Adobe\Update\*.*
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\user32.dll /md5
  %systemroot%\system32\ws2_32.dll /md5
  %systemroot%\system32\ws2help.dll /md5
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

2)
GMER Rootkit Scanner

• GMER Rootkit Scanner - Download - Homepage
• Download GMER
• Extract the contents of the zipped file to desktop.
• Double click GMER.exe.
  
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
• IAT/EAT
• Drives/Partition other than Systemdrive (typically C:\)
• Show All (don't miss this one)
  
  Click the image to enlarge it

• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
• Save the log where you can easily find it, such as your desktop.

**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.


In your next reply
Please post the contents of...
OTL log
GMER log

[USFBULLS]

thanks for your help!

here is the info you requested. please note that when i tried to do the GMER scan it did not allow me to check any boxes other than Services, Register, and Files. Then the C: and ADS were also checked. All other options where greyed out. After the scan was complete it said "no system modifications detected"

OTL logfile created on: 7/8/2010 6:48:30 PM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\McGuire\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.95 Gb Total Space | 140.41 Gb Free Space | 63.83% Space Free | Partition Type: NTFS
Drive D: | 12.93 Gb Total Space | 2.44 Gb Free Space | 18.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCGUIRE-PC
Current User Name: McGuire
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/08 18:46:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\McGuire\Desktop\OTL.exe
PRC - [2010/06/21 17:36:36 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/04/11 02:27:39 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieuser.exe
PRC - [2007/08/31 12:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/07/08 18:46:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\McGuire\Desktop\OTL.exe
MOD - [2008/01/20 22:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/07/10 10:28:28 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/08/31 12:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 15:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIMMP)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIM)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/18 07:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/12/06 16:41:08 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2007/09/09 18:13:26 | 000,207,872 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDART64.sys -- (HdAudAddService)
DRV:64bit: - [2007/07/11 13:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/07/10 10:28:16 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/06/20 08:32:58 | 001,478,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/06/20 08:30:18 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2007/06/20 08:29:14 | 000,740,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/03/26 22:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/03/19 15:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/02/27 19:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/10/06 22:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/06/18 19:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2008/11/20 10:38:36 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\McGuire\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\McGuire\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{06dbd1fd-161d-11df-9f89-00238b1e2130}\Shell - "" = AutoRun
O33 - MountPoints2\{06dbd1fd-161d-11df-9f89-00238b1e2130}\Shell\AutoRun\command - "" = F:\PhotoViewer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/07/08 18:46:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\McGuire\Desktop\OTL.exe
[2010/07/07 17:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/07/07 17:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/07 17:14:15 | 007,537,912 | ---- | C] (Microsoft Corporation) -- C:\Users\McGuire\Desktop\mssefullinstall-amd64fre-en-us-vista-win7.exe
[2010/07/07 17:11:16 | 000,000,000 | ---D | C] -- C:\Users\McGuire\Desktop\computer clean up stuff
[2010/07/07 17:06:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/07 17:05:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/07/07 12:12:50 | 000,000,000 | ---D | C] -- C:\Users\McGuire\Desktop\New Folder
[2010/07/06 17:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/06 17:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/06/24 03:02:03 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 03:02:03 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/24 03:02:03 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 03:02:03 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/24 03:02:03 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 03:02:03 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/24 03:02:03 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/24 03:02:03 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 19:10:04 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/23 19:10:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/06/23 19:10:03 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/06/23 19:10:03 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/21 18:39:52 | 000,000,000 | ---D | C] -- C:\Users\McGuire\AppData\Roaming\Malwarebytes
[2010/06/21 18:39:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/21 18:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/21 18:39:40 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/21 18:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/21 17:23:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/06/21 15:41:42 | 000,000,000 | ---D | C] -- C:\Users\McGuire\AppData\Roaming\WinRAR
[2010/06/21 15:41:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/06/08 21:21:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/08 21:21:52 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/08 21:21:52 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/08 21:21:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/08 21:06:23 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/06/08 21:06:23 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/06/08 21:06:23 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/06/08 21:06:22 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/06/08 21:06:22 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/06/08 21:06:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2010/06/08 21:06:21 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/06/08 21:06:20 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/06/08 21:06:20 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

========== Files - Modified Within 30 Days ==========

[2010/07/08 18:47:09 | 002,097,152 | -HS- | M] () -- C:\Users\McGuire\ntuser.dat
[2010/07/08 18:46:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\McGuire\Desktop\OTL.exe
[2010/07/08 18:00:01 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/07/08 17:03:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/08 17:03:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/08 13:10:21 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/08 13:10:21 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/08 13:10:21 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/08 13:03:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/08 13:03:18 | 000,028,029 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/07 17:14:24 | 007,537,912 | ---- | M] (Microsoft Corporation) -- C:\Users\McGuire\Desktop\mssefullinstall-amd64fre-en-us-vista-win7.exe
[2010/07/07 16:26:44 | 000,028,029 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/07 16:26:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/07 16:26:08 | 4025,929,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/07 16:25:18 | 000,524,288 | -HS- | M] () -- C:\Users\McGuire\ntuser.dat{9ebfcb9b-876b-11df-8954-00238b1e2130}.TMContainer00000000000000000001.regtrans-ms
[2010/07/07 16:25:18 | 000,065,536 | -HS- | M] () -- C:\Users\McGuire\ntuser.dat{9ebfcb9b-876b-11df-8954-00238b1e2130}.TM.blf
[2010/07/07 16:25:07 | 001,857,244 | -H-- | M] () -- C:\Users\McGuire\AppData\Local\IconCache.db
[2010/07/06 21:10:08 | 000,524,288 | -HS- | M] () -- C:\Users\McGuire\ntuser.dat{9ebfcb9b-876b-11df-8954-00238b1e2130}.TMContainer00000000000000000002.regtrans-ms
[2010/06/24 03:18:35 | 000,524,288 | -HS- | M] () -- C:\Users\McGuire\ntuser.dat{c6aa45e8-8d2a-11de-9220-00238b1e2130}.TMContainer00000000000000000001.regtrans-ms
[2010/06/24 03:18:35 | 000,065,536 | -HS- | M] () -- C:\Users\McGuire\ntuser.dat{c6aa45e8-8d2a-11de-9220-00238b1e2130}.TM.blf
[2010/06/20 13:56:36 | 000,006,944 | ---- | M] () -- C:\Users\McGuire\AppData\Local\d3d9caps.dat
[2010/06/18 20:18:49 | 000,000,264 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/06/09 03:47:12 | 000,398,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/07/04 08:57:50 | 000,524,288 | -HS- | C] () -- C:\Users\McGuire\ntuser.dat{9ebfcb9b-876b-11df-8954-00238b1e2130}.TMContainer00000000000000000002.regtrans-ms
[2010/07/04 08:57:50 | 000,524,288 | -HS- | C] () -- C:\Users\McGuire\ntuser.dat{9ebfcb9b-876b-11df-8954-00238b1e2130}.TMContainer00000000000000000001.regtrans-ms
[2010/07/04 08:57:50 | 000,065,536 | -HS- | C] () -- C:\Users\McGuire\ntuser.dat{9ebfcb9b-876b-11df-8954-00238b1e2130}.TM.blf
[2010/03/08 10:26:10 | 000,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/09/20 16:41:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/20 16:39:24 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/30 18:32:27 | 000,000,050 | ---- | C] () -- C:\Windows\Winamp.ini
[2009/05/30 18:32:21 | 000,000,041 | ---- | C] () -- C:\Windows\winampa.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2010/02/27 11:41:18 | 000,000,000 | ---D | M] -- C:\Users\McGuire\AppData\Roaming\Avery
[2010/04/24 09:04:27 | 000,000,000 | ---D | M] -- C:\Users\McGuire\AppData\Roaming\GARMIN
[2010/01/02 14:23:38 | 000,000,000 | ---D | M] -- C:\Users\McGuire\AppData\Roaming\Simple Star
[2009/04/29 11:06:39 | 000,000,000 | ---D | M] -- C:\Users\McGuire\AppData\Roaming\Walgreens
[2010/07/08 18:00:01 | 000,000,470 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2010/07/07 16:25:11 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/07/30 17:48:29 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log
[2010/07/07 16:26:08 | 4025,929,728 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/24 22:19:27 | 000,000,384 | -H-- | M] () -- C:\IPH.PH
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/07/07 16:26:05 | 044,552,191 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/22 23:05:36 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:35:48 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2004/06/01 14:35:20 | 000,417,792 | ---- | M] () -- C:\Windows\PhotoShow.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 22:49:43 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2008/01/20 22:49:43 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 02:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 05:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >


OTL Extras logfile created on: 7/8/2010 6:48:30 PM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\McGuire\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.95 Gb Total Space | 140.41 Gb Free Space | 63.83% Space Free | Partition Type: NTFS
Drive D: | 12.93 Gb Total Space | 2.44 Gb Free Space | 18.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCGUIRE-PC
Current User Name: McGuire
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 39 32 85 51 90 53 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{58569FD1-6AC7-47A7-97FF-698EE0EE9A34}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD63E6E-A288-4A02-B1D2-C4DB75F6439C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{295063B4-BB72-4179-9D4D-D687A908DA4B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3D3D88FA-F1FE-4928-8B6C-C5F28E203E0B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{5679CABD-B4EF-4D56-8C66-7F92476E0B3F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{71B241DA-CF4A-4703-937C-5A7DF975456D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{99AD6303-C2D3-41A9-9BFC-8660169F9BA9}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{A26C5F0B-AD42-4CB0-B7F6-EE7255674430}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{E5CC40A9-4812-4A40-A3CF-62272A209667}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF5AC1B7-DEAE-40D7-84CF-1731B20AD321}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FF63ACFA-15E8-4FEE-9261-DF20D58A5DF0}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11192F89-510C-4E23-A62A-D3BEA9139596}" = HP QuickTouch 1.00 C3
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{387D9916-BD27-480f-8CF0-3228832BBAA2}" = HP Deskjet D4300 Printer Driver Software 10.0 Rel .3
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{A348C751-0EFF-4B9D-8065-B5339BEFBE27}" = HP Help and Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{07620C4F-0964-4086-A872-C9C12E418E52}" = DJ_SF_03_D4300_Software
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{24EFA94F-F3D6-4386-8824-B54712C9DC88}" = D4300_Help
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{36410ADA-8622-4C01-84A3-7C8842ECB6FB}" = RescuePRO DEMO
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42C7C4D8-033E-44F9-BF34-43808A0686CC}" = D4300
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B0A7592-2AE0-48EA-A327-6EB7DAB25E4A}" = DJ_SF_03_D4300_Software_Min
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC33E708-A795-4AB3-908A-8F45919BC097}" = LeapFrog My Pals Plugin
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E60A3FF1-856E-4DD2-BFC6-FD9B976FE1C5}" = DJ_SF_03_D4300_ProductContext
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"F-Recovery for SD" = F-Recovery for SD
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"PhotoShow Express" = PhotoShow Express
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"UPCShell" = LeapFrog Connect
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"Winamp3" = Winamp3 (remove only)
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2010 1:56:37 PM | Computer Name = McGuire-PC | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.200.2, time stamp 0x4bc398b3,
faulting module java.dll, version 6.0.200.2, time stamp 0x4bc3c8dc, exception code
0xc0000005, fault offset 0x00004e46, process id 0x130c, application start time 0x01cb10a1ece30880.

Error - 6/20/2010 9:23:02 PM | Computer Name = McGuire-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1110 Start Time: 01cb10e016ed9210 Termination Time: 31

Error - 6/21/2010 5:28:35 PM | Computer Name = McGuire-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/21/2010 6:38:05 PM | Computer Name = McGuire-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/21/2010 9:45:41 PM | Computer Name = McGuire-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/24/2010 3:21:08 AM | Computer Name = McGuire-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/30/2010 8:37:51 PM | Computer Name = McGuire-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ef4 Start Time: 01cb17eb8e4c0820 Termination Time: 281

Error - 6/30/2010 8:45:56 PM | Computer Name = McGuire-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 10c Start Time: 01cb18b6a828be20 Termination Time: 31

Error - 7/4/2010 8:58:59 AM | Computer Name = McGuire-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/6/2010 9:12:39 PM | Computer Name = McGuire-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/24/2010 6:32:55 PM | Computer Name = McGuire-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 6/27/2010 9:01:22 PM | Computer Name = McGuire-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 00234DB4C574 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/4/2010 8:57:32 AM | Computer Name = McGuire-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:54:09 AM on 7/4/2010 was unexpected.

Error - 7/4/2010 8:59:32 AM | Computer Name = McGuire-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/5/2010 3:24:26 AM | Computer Name = McGuire-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 7/6/2010 4:31:21 PM | Computer Name = McGuire-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 00234DB4C574 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 7/6/2010 9:12:50 PM | Computer Name = McGuire-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/7/2010 4:14:37 PM | Computer Name = McGuire-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 7/7/2010 4:28:02 PM | Computer Name = McGuire-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 7/7/2010 5:04:28 PM | Computer Name = McGuire-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

[BlackOxide]

Hi,

Thanks for letting me know about GMER, this is normal as you have a 64bit OS, so no worries there

I can't see any obvious signs of malware in the OTL log, so lets do a couple more scans and see what they bring up. I'm also going to get you to run the Norton Removal Tool as there are quite a few leftover files belonging to Symantec and as you are now running Microsoft Security Essentials, these are not needed and may be causing a few issues.

Please follow the steps below, in order....


1)
Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

2)
Norton Removal Tool

• Click here to download the Norton Removal Tool and Save it to your Desktop
• Once downloaded, double click the downloaded file and follow the steps to fully remove Norton and it's associated files
• It should prompt to reboot the PC once it has finished, if it doesn't, reboot the PC to complete the removal

3)
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.


4)
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
• Click Start
• When asked, allow the ActiveX control to install
• Click Start
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
• Click Scan (This scan can take several hours, so please be patient)
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
• Copy and paste that log as a reply to this topic

How is the PC running now? Is it any quicker and is the problem with Internet Explorer displaying multiple copies of the same page still happening?

In your next reply
Please post the contents of...
MBAM log
ESET Online log
Update on how the PC is performing

[USFBULLS]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4306

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

7/12/2010 5:54:04 PM
mbam-log-2010-07-12 (17-54-04).txt

Scan type: Quick scan
Objects scanned: 133238
Time elapsed: 11 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



I tried the 2nd scan TWICE and both times if froze at the same place. something to do with WildTanget.

Is there some scan i can do to show you all the files on my computer and you can tell me what i dont need and how to delete it?

[BlackOxide]

Okie Dokie, leave the ESET Scanner for now then

I have a list provided by OTL, so I know the programs that are currently installed. I have done a quick list below. These programs, if you don't use them or need them, I would personally uninstall them. To uninstall a program, Click the Start button, then Control Panel, then make sure 'Classic View' is selected on the left and then choose Programs and Feautres. You will be presented with a list of programs that are installed on your PC. Remember though, don't uninstall things you haven't heard of, as they may well be needed by the operating system

Here's a list of items that could be removed, if you don't use them anymore....

WeatherBug Gadget
The Sims™ Life Stories
Skype™ 4.0
muvee autoProducer 6.1
Avery Wizard 3.1
LabelPrint
PhotoShow Express
Viewpoint Media Player
My HP Games
Yahoo! Toolbar


Let me know how you get on. Is the PC still running slowly and is the problem with Internet Explorer still happening?