Email Spam [Closed]



#1
yoursangoma

This has happened a couple of times in the last couple of weeks. My Hotmail account sends out random emails to people in my contact list. I am not initiating these emails. The emails contain no subject and only a link, such as this one:

hxxp://ronmcclarin.com/wp-content/plugins/extended-comment-options/infolife.php?power128.html

Is this a virus or is my account hacked?

Edited by SweetTech, 25 February 2012 - 07:32 AM.
Disabled live link.--ST

  • 0

#2
WhiteHat

Hello yoursangoma and welcome to GeeksToGo :)

My nickname is GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

  • 0

#3
WhiteHat

Hi,

# Step 1 #

Please change your Hotmail password. This will probably stop Hotmail from sending e-mails to your contacts.

# Step 2 #

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0
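Added example, not part of the original thread and not OTL's own code: a small Python triage pass over the OTL.txt line format posted in this topic, listing the entries a reviewer would typically read first. The sample log is constructed, and the heuristics (blank company name, user-writable path, hidden attribute, "File not found" target) and the names `triage` and `Finding` are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the OTL.txt line format seen in this thread.
# Vendor names and paths are invented for the example.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2012/02/26 11:32:19 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Example\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Example Vendor Corp) -- C:\Program Files\Example\agent.exe
PRC - [2012/02/20 09:10:11 | 000,045,056 | -H-- | M] () -- C:\Users\Example\AppData\Roaming\updater.exe
========== Win32 Services (SafeList) ==========
SRV - [2009/02/23 07:48:06 | 000,632,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Example\svc.exe -- (ExampleSvc)
O4 - HKLM..\Run: [ExampleCleanup] "C:\Program Files\Example\clean.exe" /run File not found
NetSvcs: ExampleSvc2 - File not found
"""

# PRC/MOD/SRV/DRV lines: [timestamp | size | attributes | C or M] (company)
# optional [start type | state] -- path, optional -- (service name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[-A-Z]{4}) \| (?P<stamp>[CM])\] "
    r"\((?P<company>.*?)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)

# Locations a standard user can usually write to (assumption of this example).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass(frozen=True)
class Finding:
    line_no: int     # 1-based line number in the supplied text
    kind: str        # PRC, SRV, DRV, MOD, O4, NetSvcs, ...
    subject: str     # file path, or the whole line for missing targets
    reasons: tuple   # heuristic labels that fired


def triage(log_text):
    """Return the log entries worth a manual look, in log order.

    A hit is a prompt for review, not a verdict: OTL.exe itself runs from
    the Desktop and is reported by the user-writable-path rule.
    """
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("====="):
            continue
        m = ENTRY_RE.match(line)
        if m:
            kind, path = m.group("kind"), m.group("path").strip()
            reasons = []
            # The MOD section lists only modules without a company name,
            # so the first two rules would flag every line there.
            if kind != "MOD" and not m.group("company").strip():
                reasons.append("no-company-name")
            if kind != "MOD" and any(p in path.lower() for p in USER_WRITABLE):
                reasons.append("user-writable-path")
            if "H" in m.group("attrs"):
                reasons.append("hidden-attribute")
            if reasons:
                findings.append(Finding(line_no, kind, path, tuple(reasons)))
            continue
        # Autostart or service references whose target file no longer exists.
        if line.endswith("File not found"):
            kind = line.split(" ", 1)[0].rstrip(":")
            findings.append(Finding(line_no, kind, line, ("missing-target",)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line_no:>3} {f.kind:<8} {', '.join(f.reasons):<55} {f.subject}")
```
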

#4
yoursangoma

Hope it is okay but I have two computers I want to run this on. A laptop and a desktop. I will put the files for the desktop on a separate post.

Laptop

OTL.txt

OTL logfile created on: 2/26/2012 11:34:22 AM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Gretchen Travis\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 52.72% Memory free
6.11 Gb Paging File | 4.53 Gb Available in Paging File | 74.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.01 Gb Total Space | 11.59 Gb Free Space | 4.09% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.58 Gb Free Space | 50.52% Space Free | Partition Type: NTFS
Drive E: | 581.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: GRETCHENSLAPTOP | User Name: Gretchen Travis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/26 11:32:19 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Gretchen Travis\Desktop\OTL.exe
PRC - [2011/08/23 16:17:34 | 000,211,296 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/08/23 15:34:46 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/10 20:59:34 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/06/02 03:33:30 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 05:25:28 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/30 05:25:18 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/30 05:24:48 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/02/27 13:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/02/23 07:49:48 | 000,402,672 | ---- | M] () -- C:\Windows\sminst\Components\scheduler\STService.exe
PRC - [2009/02/23 07:48:06 | 000,632,048 | ---- | M] (SoftThinks) -- C:\Windows\sminst\SftService.exe
PRC - [2009/02/04 19:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/29 22:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/29 22:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/09 11:49:08 | 000,405,639 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/01/05 15:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/01/05 15:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
PRC - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/25 04:26:04 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/08/25 04:25:54 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/08/25 04:25:54 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/08/25 04:25:52 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/07/31 10:58:38 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/21 11:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
PRC - [2007/09/14 11:35:04 | 005,730,304 | ---- | M] () -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
PRC - [2006/09/14 06:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/09/14 06:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/15 03:34:44 | 015,881,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\6364881666197556b963831fc402471a\MenuSkinning.ni.dll
MOD - [2012/02/15 03:34:28 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\c0371c6311c0ca6c87d18429cf218491\VistaBridgeLibrary.ni.dll
MOD - [2012/02/15 03:34:25 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll
MOD - [2012/02/15 03:34:24 | 002,557,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\62b9c49c72dcbc7927e2bc9cf27b5174\DellDock.ni.exe
MOD - [2012/02/15 03:34:23 | 000,286,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\3c5efde7c4604c8f189140647d06d0ba\MyDock.Util.ni.dll
MOD - [2012/02/15 03:33:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/15 03:32:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/15 03:32:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/15 03:32:01 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/15 03:30:53 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/18 08:58:37 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011/10/18 08:54:54 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/04/01 14:48:48 | 008,217,088 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/04/01 14:41:58 | 002,267,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2009/02/23 07:49:48 | 000,402,672 | ---- | M] () -- C:\Windows\sminst\Components\scheduler\STService.exe
MOD - [2009/02/05 07:27:48 | 000,229,376 | ---- | M] () -- C:\Windows\System32\STFiles.dll
MOD - [2008/05/22 11:37:10 | 000,122,880 | ---- | M] () -- C:\Windows\System32\STLog.dll
MOD - [2008/05/19 14:47:00 | 000,450,560 | ---- | M] () -- C:\Program Files\Common Files\Dell\apache\ioncube_loader_win_5.2.dll
MOD - [2008/05/12 13:20:28 | 001,118,208 | ---- | M] () -- C:\Windows\System32\libxml2.dll
MOD - [2008/05/12 13:20:28 | 000,115,712 | ---- | M] () -- C:\Windows\System32\STNLS.dll
MOD - [2008/05/12 13:20:28 | 000,106,496 | ---- | M] () -- C:\Windows\System32\STPE.dll
MOD - [2008/05/12 13:20:28 | 000,073,728 | ---- | M] () -- C:\Windows\System32\zlib1.dll
MOD - [2008/05/12 13:20:28 | 000,069,632 | ---- | M] () -- C:\Windows\System32\STRegistry.dll
MOD - [2007/09/21 11:32:18 | 002,035,712 | ---- | M] () -- C:\Program Files\Common Files\Dell\apache\libmysql.dll
MOD - [2006/12/10 20:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 20:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/23 15:34:46 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/02 03:33:30 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2009/03/30 05:25:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/30 05:24:48 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/23 07:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Windows\sminst\sftservice.EXE -- (SftService)
SRV - [2009/01/29 22:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/05 15:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/01/05 15:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/21 11:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2007/09/14 11:35:04 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)
SRV - [2006/09/14 06:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)


========== Driver Services (SafeList) ==========

DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/03/08 10:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/04/10 23:28:18 | 000,542,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\blackbox.dll -- (BlackBox)
DRV - [2009/04/10 21:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/03/30 05:25:32 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/08 16:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 06:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/12/30 19:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/12/22 02:12:06 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/11/21 04:15:30 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/11/04 16:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/08/25 04:25:52 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/08/25 03:37:44 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/07/16 04:46:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/16 04:46:50 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/16 04:46:48 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/17 09:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 19:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/06/22 16:59:24 | 000,479,232 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/02/06 15:38:02 | 000,028,288 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE
IE - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9MSE
IE - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\..\URLSearchHook: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files\Dogpile Bundle Toolbar\Helper.dll ()
IE - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3466449072-3724660382-525886465-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Gretchen Travis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Gretchen Travis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gretchen Travis\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gretchen Travis\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2012/01/24 21:28:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins

[2010/02/25 16:38:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gretchen Travis\AppData\Roaming\Mozilla\Extensions
[2011/04/19 12:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gretchen Travis\AppData\Roaming\Mozilla\Firefox\Profiles\bvc0jyc4.default\extensions
[2010/05/29 19:27:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gretchen Travis\AppData\Roaming\Mozilla\Firefox\Profiles\bvc0jyc4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/15 21:04:19 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2009/11/20 13:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/20 13:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/07/12 19:59:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\..\Toolbar\WebBrowser: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-3466449072-3724660382-525886465-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\sminst\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Gretchen Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3466449072-3724660382-525886465-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll File not found
O15 - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3466449072-3724660382-525886465-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73545C0B-D819-4324-8B5D-D55AB3C4B423}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB1E24C6-5904-4C81-BA8C-9E394CFDA794}: DhcpNameServer = 10.101.101.100 163.244.101.69 163.244.100.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gretchen Travis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gretchen Travis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 11:32:01 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Gretchen Travis\Desktop\OTL.exe
[2012/02/15 03:07:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 03:07:29 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/15 03:07:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 03:07:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 03:07:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 03:07:25 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/14 14:05:47 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/07 09:46:13 | 000,000,000 | ---D | C] -- C:\Users\Gretchen Travis\Desktop\Scripture Journaling
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/26 11:32:19 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Gretchen Travis\Desktop\OTL.exe
[2012/02/26 11:24:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/26 11:24:56 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3466449072-3724660382-525886465-1000UA.job
[2012/02/26 11:24:55 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/26 09:49:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/26 09:49:26 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 09:49:26 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 09:49:15 | 3178,119,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/25 19:17:57 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3466449072-3724660382-525886465-1000Core.job
[2012/02/22 10:03:36 | 000,024,604 | ---- | M] () -- C:\Users\Gretchen Travis\Desktop\DSC09268.JPG
[2012/02/22 09:53:20 | 000,087,013 | ---- | M] () -- C:\Users\Gretchen Travis\Desktop\4fc79260a9ea970ad8f3cb3e43ab4f044a9350c008f8e698acd66e1555b5a8e65g.jpg
[2012/02/22 09:51:28 | 000,053,979 | ---- | M] () -- C:\Users\Gretchen Travis\Desktop\idadwrapper.jpg
[2012/02/22 09:51:25 | 000,024,878 | ---- | M] () -- C:\Users\Gretchen Travis\Desktop\ellasrewardchart3_fill-in.jpg
[2012/02/18 21:43:46 | 000,302,515 | ---- | M] () -- C:\Users\Gretchen Travis\Desktop\2009-beck-teaching-the-doctrine-of-the-family__eng.pdf
[2012/02/18 21:43:35 | 000,041,848 | ---- | M] () -- C:\Users\Gretchen Travis\Desktop\Bitter_Cup_and_the_Bloody_Baptism1.pdf
[2012/02/15 03:29:07 | 000,574,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/15 03:03:53 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/15 03:03:52 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/09 18:38:37 | 000,007,052 | ---- | M] () -- C:\Users\Gretchen Travis\AppData\Local\d3d9caps.dat
[2012/02/01 21:26:09 | 000,216,686 | ---- | M] () -- C:\Users\Gretchen Travis\Desktop\2011TaxReturn.pdf
[2012/02/01 19:12:32 | 000,051,097 | ---- | M] () -- C:\Users\Gretchen Travis\Desktop\brettstudentloaninterest.pdf
[2012/02/01 19:01:15 | 000,071,759 | ---- | M] () -- C:\Users\Gretchen Travis\Desktop\gretchstudenloaninterest.pdf
[2012/01/31 05:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/22 10:04:15 | 000,024,604 | ---- | C] () -- C:\Users\Gretchen Travis\Desktop\DSC09268.JPG
[2012/02/22 10:01:17 | 000,087,013 | ---- | C] () -- C:\Users\Gretchen Travis\Desktop\4fc79260a9ea970ad8f3cb3e43ab4f044a9350c008f8e698acd66e1555b5a8e65g.jpg
[2012/02/22 09:58:02 | 000,053,979 | ---- | C] () -- C:\Users\Gretchen Travis\Desktop\idadwrapper.jpg
[2012/02/22 09:55:19 | 000,024,878 | ---- | C] () -- C:\Users\Gretchen Travis\Desktop\ellasrewardchart3_fill-in.jpg
[2012/02/18 21:43:46 | 000,302,515 | ---- | C] () -- C:\Users\Gretchen Travis\Desktop\2009-beck-teaching-the-doctrine-of-the-family__eng.pdf
[2012/02/18 21:43:35 | 000,041,848 | ---- | C] () -- C:\Users\Gretchen Travis\Desktop\Bitter_Cup_and_the_Bloody_Baptism1.pdf
[2012/02/01 21:26:09 | 000,216,686 | ---- | C] () -- C:\Users\Gretchen Travis\Desktop\2011TaxReturn.pdf
[2012/02/01 19:12:32 | 000,051,097 | ---- | C] () -- C:\Users\Gretchen Travis\Desktop\brettstudentloaninterest.pdf
[2012/02/01 19:01:15 | 000,071,759 | ---- | C] () -- C:\Users\Gretchen Travis\Desktop\gretchstudenloaninterest.pdf
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/07/10 14:46:56 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/07/10 14:46:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/07/10 14:46:49 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/07/10 14:46:49 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/07/10 14:46:47 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/07/01 14:50:51 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/03/20 16:45:05 | 000,149,015 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/03/20 16:44:40 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/07/13 19:35:13 | 000,012,201 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/06/02 06:11:29 | 000,005,339 | RH-- | M] () -- C:\dell.sdr
[2012/02/26 09:49:15 | 3178,119,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/21 10:14:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/13 08:23:57 | 000,000,365 | -H-- | M] () -- C:\IPH.PH
[2009/09/10 18:34:35 | 000,000,027 | ---- | M] () -- C:\KP.cfg
[2010/03/21 10:14:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/02/26 09:49:13 | 3491,733,504 | -HS- | M] () -- C:\pagefile.sys

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >

< %PROGRAMFILES%\*.* >
[2008/01/20 19:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini


< MD5 for: EXPLORER.EXE >
[2009/06/02 06:06:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/06/02 06:06:17 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/06/02 06:06:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/06/02 06:06:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 19:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 19:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 19:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox 4.0 Beta 7\uninstall\helper.exe" /HideShortcuts [2012/01/24 21:28:47 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox 4.0 Beta 7\uninstall\helper.exe" /ShowShortcuts [2012/01/24 21:28:47 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox 4.0 Beta 7\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/24 21:28:47 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe [2012/01/24 21:28:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe" -preferences [2012/01/24 21:28:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe" -safe-mode [2012/01/24 21:28:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/15 20:22:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/15 20:22:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/15 20:22:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/15 20:22:05 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/07/15 20:22:05 | 000,748,336 | ---- | M] (Microsoft Corporation)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox 4.0 Beta 7\uninstall\helper.exe" /HideShortcuts [2012/01/24 21:28:47 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox 4.0 Beta 7\uninstall\helper.exe" /ShowShortcuts [2012/01/24 21:28:47 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox 4.0 Beta 7\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/24 21:28:47 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe [2012/01/24 21:28:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe" -preferences [2012/01/24 21:28:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe" -safe-mode [2012/01/24 21:28:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/15 20:22:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/15 20:22:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/15 20:22:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/15 20:22:05 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/07/15 20:22:05 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >


Extras.txt

OTL Extras logfile created on: 2/26/2012 11:34:22 AM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Gretchen Travis\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 52.72% Memory free
6.11 Gb Paging File | 4.53 Gb Available in Paging File | 74.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.01 Gb Total Space | 11.59 Gb Free Space | 4.09% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.58 Gb Free Space | 50.52% Space Free | Partition Type: NTFS
Drive E: | 581.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: GRETCHENSLAPTOP | User Name: Gretchen Travis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3466449072-3724660382-525886465-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D60C01-156B-4AFF-97E4-A179C416DB48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0554CCEC-F72A-4B3E-B2B2-B7E0FC30B006}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{0581189A-931A-41EB-8E32-A8776AEF6185}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{066FE6D0-5F81-466C-9329-8E9D43CE2846}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C7AB91C-7D10-41AC-95EE-9B1A026E146E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2C566BF5-2EF9-4827-8F02-D628065476BF}" = rport=10244 | protocol=6 | dir=out | app=system |
"{31612EC8-A571-4B5C-896E-5C149D723137}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3EDCF6EF-E449-422A-8602-BDC40E5D0214}" = lport=10244 | protocol=6 | dir=in | app=system |
"{46397CB8-5E9A-4A35-A075-B7DCA6784CBE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4714BA23-9EC6-4B94-8AFE-D7070B9C92BD}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{47884030-29E7-4144-87F8-B76B749FAF78}" = rport=10244 | protocol=6 | dir=out | app=system |
"{4A41860A-A8BE-4353-BB92-3080F2394C77}" = lport=3390 | protocol=6 | dir=in | app=system |
"{6226C746-53CD-4FA9-96E3-641F1625FB6A}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{6E90F32D-803F-4C93-82E5-DA9B01EFA760}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{7311EE1D-CB10-47BF-AF44-4D476B2E8BE9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76D69092-9159-4D1B-9C24-98B8FAA664C1}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8192B4D4-FF77-4242-AC02-AD1CDDFA7F47}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{86A270FB-AB54-4DDC-8533-ED70C8E4F77A}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{888D1A78-CE43-4649-BF8D-DCCC10E98045}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{8B2E343D-BA12-4971-93B7-188D5BC69841}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E21E02F-71FA-40C2-A512-C51DB2EA9AE4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95E91956-4FB6-4FA7-BD29-FF6C22FD9FE8}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9B9613B0-52CD-44C9-8C30-8AF2F5E5FF95}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC8B3AFF-2CB4-4C46-AB70-BBBA47FE692E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C09EAC42-5FF5-48AB-8941-13A0D9E3093C}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C312990F-0F24-45EC-B14D-CF5AA68330BA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D83FDE57-66AD-43E1-808C-C946CD05DD4F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F180672E-AD57-4195-87EA-1AB88014E44A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0019274F-84B7-4C19-A36F-253959F2A6B6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{0FF6287B-D1B4-4B10-A1EB-5808FF45EAD3}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
"{10F46E7D-7733-4147-A6C2-948F9018A343}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{13ABFF43-D13D-4AE6-84E8-A8B9A8202149}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{13E6662B-74CE-46A2-956E-103EB878A0E6}" = protocol=6 | dir=in | app=c:\users\gretchen travis\appdata\local\temp\7zsed21.tmp\symnrt.exe |
"{1E875FE0-9A98-463E-875A-24202515E8F0}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{25A52BF8-AA5D-421B-A4B7-607123423134}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{29FC3F05-792C-4C9D-9E89-E249318E485B}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{2B9B0CA8-DFF9-4414-9357-47F99DB8A272}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{32DBBB6F-DA77-4283-B168-36A7583DCA8F}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{32FA0BF8-F815-4EF7-BDF1-69FCA02A0B27}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{390D52A5-C0F1-4D5F-9C9A-CE5E045F6503}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{39722840-125F-47FE-AA1A-1DA1EAA580AB}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{3DCA68A7-1181-4D8C-8B2A-E9E5AE4A22E2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{3F4D69E7-21C5-4C68-827F-1C596794DED8}" = protocol=6 | dir=in | app=c:\users\gretchen travis\desktop\pdfconvertersetup.exe |
"{40DE43D2-B58D-4EDF-B070-90495A86DAF9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{427359BE-BF4F-4E25-B6E5-1F3D906E4B26}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{4638F68C-FD30-4E65-B6CA-FFA73FF935F9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{47901AAC-7F79-406A-9CE9-2C2B57F7E8AC}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{479D99FA-AA12-4070-8FF5-84A3D7E227E5}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4BB49752-4009-4B1C-8A6D-F7B03BC8F204}" = protocol=17 | dir=in | app=c:\users\gretchen travis\desktop\pdfconvertersetup.exe |
"{4E421A4D-0AAC-4E07-B4EE-F8F209883791}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{5BEBCB1D-1B73-4A62-B81A-BF1CB134C6D5}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{5F68D04E-AED3-4D39-A360-EEF9E5722A9C}" = protocol=17 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{673CBDBD-5007-4252-AB45-D7E0182BC970}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{6858DFC5-4953-4078-B2C8-0D5481208957}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{68CB5A42-DBC4-48F8-8571-C0EA469D8A82}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{6C1AEBAA-0DDB-4ADD-98F5-C975B7319C92}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{6DBFB869-83BD-436C-AE04-EBA6FDABB74D}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{6DCDDCD6-0241-404A-941E-01A40CEAF39D}" = protocol=17 | dir=in | app=c:\users\gretchen travis\appdata\local\temp\7zsed21.tmp\symnrt.exe |
"{6E4DB42E-FEB2-4D14-A864-B23CFE492DE6}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\toolbarupdate.exe |
"{75C735E6-239E-4BE7-B26C-EF351913894D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{762079D7-372F-4FC1-B4E4-8B911E051C61}" = protocol=6 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
"{786555B0-F9FF-4108-9CA0-6448B0088A90}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{7C8CF521-1BFD-4B64-923A-0E92553FDC0A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{80BD74F0-0021-426A-A0EA-2DCA5279E7D9}" = protocol=6 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{97CF232D-9BD7-4F12-831E-55DF4B7F164D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{9E4F2A7C-AE43-46F5-A85F-DA5410D7A30B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{9EEB2BFA-B5A2-4642-8A1B-F9D6CB9C8EC1}" = protocol=6 | dir=in | app=c:\users\gretchen travis\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A00574D7-358C-4369-BD20-E6800991CF03}" = protocol=17 | dir=in | app=c:\users\gretchen travis\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B4AC5D2C-43BB-454E-96CD-5454145DCB90}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{B4CEEB7F-821F-440D-A4FE-6C59BAA28FBB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7C026AD-AD92-4834-94F9-8FDA319A26B0}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{C0BA2FD8-37C3-4792-888F-AAEE35C8C495}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{C0FA1170-22E5-4497-A0DA-D88300DFC265}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{CF806D05-F4B3-4D5F-BCE6-2071202D6A72}" = protocol=17 | dir=in | app=c:\program files\dogpile bundle toolbar\troubleshooter.exe |
"{DA7A1A7E-38B3-4F24-BA9F-80FEF9DFF3F5}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{DB515385-7FB4-4F09-859A-7E74F601B26E}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{E511D254-75A9-4787-9718-5B9DF7B22E28}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{F9B32F73-300C-4E9A-BFDA-77FC400723BE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{FE870989-D54B-4FA5-A528-2969928691A5}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"TCP Query User{04B7605F-2B51-49A8-B68C-C4A0D190E2AB}C:\programdata\314ca3\am314_323.exe" = protocol=6 | dir=in | app=c:\programdata\314ca3\am314_323.exe |
"TCP Query User{DE9F14CE-6EFC-4BC4-ADE5-0AEE5132E7BF}C:\program files\boxee\boxee.exe" = protocol=6 | dir=in | app=c:\program files\boxee\boxee.exe |
"TCP Query User{F48DFE1C-A1DB-4849-8A7E-461475333A9C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{04C1419D-43DA-4A96-BBB8-44BDE0B09CCD}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5EB5FCBD-F9AF-4BEE-B0CB-9AAB1F17EE58}C:\programdata\314ca3\am314_323.exe" = protocol=17 | dir=in | app=c:\programdata\314ca3\am314_323.exe |
"UDP Query User{9E8FCCB0-D3FD-4154-BA38-FBF65049DD75}C:\program files\boxee\boxee.exe" = protocol=17 | dir=in | app=c:\program files\boxee\boxee.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B2E5D93-081D-45B2-8069-BF4FACC1B359}" = Sesame Street First Steps
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 29
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB2.0 VIDBOX NW03
"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 3.0 Deluxe
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{33785AE7-2203-4D93-B6B3-35B7CC3C4906}" = Sesame Street - Learn, Play & Grow
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC83065-F98B-4DB1-B4AE-AA2F1FA9BA2B}" = LeapFrog Connect
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{6541F559-4470-4C0B-A1BB-B857ACAC4CE8}" = LeapFrog My Pals Plugin
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}" = Clifford Phonics
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8E6AE459-9D8F-7365-E848-877D508F5A48}" = Picaboo X
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3350D7C-9D1B-44B3-A5A1-EDADC0D66109}" = Kid Pix Deluxe 4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DA80A0FE-AC63-47FC-8CA5-E29754255B96}" = honestech VHS to DVD 3.0 Deluxe
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion v4
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF78F612-67AA-42B0-999C-A2EDF49CA9B0}" = Sesame Street - Let's Go To Preschool
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Any Video Converter_is1" = Any Video Converter 3.3.2
"BOXEE" = Boxee
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CPATPWSUEW411" = Gleim CPA Test Prep 2011 WebDeploy
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"Dogpile Bundle Toolbar" = Dogpile Bundle Toolbar
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EOS USB WIA Driver" = EOS USB WIA Driver
"ESET Online Scanner" = ESET Online Scanner v3
"FrippleTown" = Edmark - FrippleTown (Remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Full)
"LHTTSSPE" = L&H TTS3000 Español
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"Picasa 3" = Picasa 3
"RealAlt_is1" = Real Alternative 2.0.2
"Sammy's Science House" = Edmark Sammy's Science House
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"UPCShell" = LeapFrog Connect
"VideoSpirit Pro" = VideoSpirit Pro 1.59
"WildTangent dell Master Uninstall" = WildTangent Games

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3466449072-3724660382-525886465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2012 4:04:49 PM | Computer Name = GretchensLaptop | Source = VSS | ID = 12289
Description =

Error - 2/7/2012 4:04:49 PM | Computer Name = GretchensLaptop | Source = System Restore | ID = 8193
Description =

Error - 2/7/2012 4:04:49 PM | Computer Name = GretchensLaptop | Source = System Restore | ID = 8210
Description =

Error - 2/8/2012 4:00:25 PM | Computer Name = GretchensLaptop | Source = WinMgmt | ID = 10
Description =

Error - 2/9/2012 1:03:29 AM | Computer Name = GretchensLaptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module jscript9.dll, version 9.0.8112.16440, time stamp 0x4eb31a04,
exception code 0xc0000005, fault offset 0x0002bcc9, process id 0x19b4, application
start time 0x01cce6e6fec3b0f0.

Error - 2/9/2012 9:39:14 PM | Computer Name = GretchensLaptop | Source = WinMgmt | ID = 10
Description =

Error - 2/11/2012 1:01:26 AM | Computer Name = GretchensLaptop | Source = WinMgmt | ID = 10
Description =

Error - 2/11/2012 12:52:23 PM | Computer Name = GretchensLaptop | Source = WinMgmt | ID = 10
Description =

Error - 2/12/2012 1:26:26 PM | Computer Name = GretchensLaptop | Source = WinMgmt | ID = 10
Description =

Error - 2/13/2012 12:37:31 PM | Computer Name = GretchensLaptop | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 12/4/2010 12:08:27 PM | Computer Name = GretchensLaptop | Source = Mcx2Dvcs | ID = 401
Description =

Error - 12/4/2010 12:08:51 PM | Computer Name = GretchensLaptop | Source = Mcx2Dvcs | ID = 401
Description =

Error - 12/4/2010 12:11:50 PM | Computer Name = GretchensLaptop | Source = McrMgr | ID = 107
Description =

Error - 12/4/2010 12:11:50 PM | Computer Name = GretchensLaptop | Source = McrMgr | ID = 107
Description =

Error - 12/4/2010 12:16:01 PM | Computer Name = GretchensLaptop | Source = McrMgr | ID = 107
Description =

[ System Events ]
Error - 2/25/2012 10:59:13 PM | Computer Name = GretchensLaptop | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 192.168.0.71 did
not allow the name to be claimed by this computer.

Error - 2/25/2012 11:09:29 PM | Computer Name = GretchensLaptop | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 192.168.0.71 did
not allow the name to be claimed by this computer.

Error - 2/25/2012 11:21:00 PM | Computer Name = GretchensLaptop | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 192.168.0.71 did
not allow the name to be claimed by this computer.

Error - 2/25/2012 11:31:08 PM | Computer Name = GretchensLaptop | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 192.168.0.71 did
not allow the name to be claimed by this computer.

Error - 2/26/2012 12:14:36 AM | Computer Name = GretchensLaptop | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 192.168.0.71 did
not allow the name to be claimed by this computer.

Error - 2/26/2012 12:34:52 AM | Computer Name = GretchensLaptop | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 192.168.0.71 did
not allow the name to be claimed by this computer.

Error - 2/26/2012 1:02:01 PM | Computer Name = GretchensLaptop | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 192.168.0.71 did
not allow the name to be claimed by this computer.

Error - 2/26/2012 1:12:22 PM | Computer Name = GretchensLaptop | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 192.168.0.71 did
not allow the name to be claimed by this computer.

Error - 2/26/2012 1:22:55 PM | Computer Name = GretchensLaptop | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 192.168.0.71 did
not allow the name to be claimed by this computer.

Error - 2/26/2012 2:38:41 PM | Computer Name = GretchensLaptop | Source = netbt | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 192.168.0.68. The computer with the IP address 192.168.0.71 did
not allow the name to be claimed by this computer.


< End of report >

#5
yoursangoma

    Member

  • Topic Starter
  • Member
  • 73 posts
Desktop

OTL.txt

OTL logfile created on: 2/26/2012 11:40:05 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 58.56% Memory free
4.11 Gb Paging File | 2.45 Gb Available in Paging File | 59.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 129.48 Gb Free Space | 44.95% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.41 Gb Free Space | 64.09% Space Free | Partition Type: NTFS
Drive F: | 7.46 Gb Total Space | 4.17 Gb Free Space | 55.88% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/26 11:32:20 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/10/18 19:41:36 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2011/10/09 10:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/04/28 20:06:26 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2009/08/17 06:54:30 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/17 06:54:27 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/17 06:54:18 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/03 17:01:10 | 000,487,424 | ---- | M] (Fisher-Price) -- C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/17 06:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/05/31 09:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe
PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/02/20 13:58:44 | 000,053,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\LBTWiz.exe
PRC - [2007/02/20 13:57:32 | 000,110,592 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
PRC - [2007/02/20 13:29:00 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2007/01/11 17:15:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\Pac7302\Monitor.exe
PRC - [2006/11/02 05:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/03 09:39:58 | 000,512,000 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/17 06:54:27 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/17 06:54:18 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/19 10:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/20 13:57:32 | 000,110,592 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)


========== Driver Services (SafeList) ==========

DRV - [2010/02/24 06:13:40 | 000,494,368 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/08/17 06:54:30 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/17 06:54:30 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/21 08:34:26 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/10 21:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/07/25 23:41:02 | 000,042,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2007/08/15 07:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\n558.sys -- (n558)
DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/06/14 15:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/03/23 04:09:16 | 000,129,832 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/03/15 06:57:30 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/25 10:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/11 17:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/11 17:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/24 20:39:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/14 21:04:52 | 000,000,000 | ---D | M]

[2010/08/17 16:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/06/14 21:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\edrb9tsu.default\extensions
[2011/01/09 17:06:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\edrb9tsu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/17 15:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/24 20:39:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/24 20:39:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/24 20:39:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech BT Wizard] LBTWiz.exe -silent File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000..\Run: [MusicManager] C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O7 - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1141223913-1607684528-1371063967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.0.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://sslweb.deanf...COL /relayp.cab (Cisco Systems WebVPN Relay Loader)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} https://sslweb.deanf...ies/instweb.cab (CSD ActiveX Installer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46B999D7-9942-4454-8036-D8F31EB1DBDC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1251009-D689-4F78-8781-78574F9EE90C}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4fea8c95-6915-11dc-803f-000761944eaf}\Shell - "" = AutoRun
O33 - MountPoints2\{4fea8c95-6915-11dc-803f-000761944eaf}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{77ece612-314c-11dd-98dd-001aa056cfa5}\Shell - "" = AutoRun
O33 - MountPoints2\{77ece612-314c-11dd-98dd-001aa056cfa5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 11:36:40 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/02/15 03:06:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 03:06:16 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/15 03:06:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 03:06:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 03:06:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 03:06:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 01:46:33 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/26 11:39:12 | 001,467,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/26 11:39:12 | 000,402,126 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/26 11:32:20 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/02/26 11:29:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/26 11:06:44 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141223913-1607684528-1371063967-1000UA.job
[2012/02/26 08:55:39 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 08:55:39 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 01:01:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141223913-1607684528-1371063967-1000Core.job
[2012/02/23 09:31:55 | 090,469,906 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/02/15 03:28:54 | 000,379,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/15 03:27:02 | 2078,793,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/15 03:25:41 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2004/08/31 19:47:07 | 000,000,032 | ---- | M] () -- C:\BCMSM.log
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/11/10 06:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/01/14 17:37:44 | 000,000,242 | ---- | M] () -- C:\CDFE.log
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/09/11 12:04:42 | 000,003,964 | RH-- | M] () -- C:\dell.sdr
[2012/02/15 03:27:02 | 2078,793,728 | -HS- | M] () -- C:\hiberfil.sys
[2006/01/08 20:08:29 | 000,411,294 | ---- | M] () -- C:\hpfr5100.log
[2008/03/26 15:40:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/09/01 20:13:52 | 000,000,258 | ---- | M] () -- C:\lxcg.log
[2006/01/14 17:37:38 | 000,000,000 | ---- | M] () -- C:\lxcgfire.csv
[2006/01/14 17:38:11 | 000,000,867 | ---- | M] () -- C:\LXCGINST.csv
[2007/09/13 21:03:05 | 000,023,524 | ---- | M] () -- C:\lxcgscan.log
[2008/03/26 15:40:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/02/15 03:27:01 | 2392,596,480 | -HS- | M] () -- C:\pagefile.sys
[2005/04/27 08:29:06 | 000,014,625 | ---- | M] () -- C:\Rescued document 1.txt
[2005/04/27 08:29:02 | 000,011,367 | ---- | M] () -- C:\Rescued document.txt
[2 C:\*.tmp files -> C:\*.tmp -> ]

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >

< %PROGRAMFILES%\*.* >
[2008/06/20 15:12:37 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini


< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/18 23:10:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/18 23:10:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 02:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 00:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 02:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 02:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 02:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 00:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/24 20:39:47 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/24 20:39:47 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/24 20:39:47 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/24 20:39:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/24 20:39:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/24 20:39:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/24 19:58:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/24 19:58:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/24 19:58:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/24 19:58:47 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/24 19:58:47 | 000,748,336 | ---- | M] (Microsoft Corporation)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/24 20:39:47 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/24 20:39:47 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/24 20:39:47 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/24 20:39:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/24 20:39:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/24 20:39:50 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/24 19:58:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/24 19:58:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/24 19:58:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/24 19:58:47 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/24 19:58:47 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >


Extras.txt

OTL Extras logfile created on: 2/26/2012 11:40:05 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 58.56% Memory free
4.11 Gb Paging File | 2.45 Gb Available in Paging File | 59.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.05 Gb Total Space | 129.48 Gb Free Space | 44.95% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.41 Gb Free Space | 64.09% Space Free | Partition Type: NTFS
Drive F: | 7.46 Gb Total Space | 4.17 Gb Free Space | 55.88% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1141223913-1607684528-1371063967-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A739BC-5F45-4C49-8F92-5F200E2A6057}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{19CA8F85-7BAB-486D-8303-9DDBE8B70CBD}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2E4E0729-083C-484B-8FE6-45883AEAAFE4}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{580E3507-D109-4656-BE66-71A13D036AB7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{64D0F610-4839-426E-8FEB-715CADE2CD58}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{94983985-9878-44A3-8AE1-963903F05742}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{960A4CA4-51A7-4FC1-8ADD-0B39F55DE3DA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B303982C-F88B-4533-A7C2-738B52947925}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{147B3C62-2044-444D-B98E-AA9423651BE2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1AB506D9-458D-4E7A-ABC8-245A9EADBD66}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1C3CBF0F-A118-4D92-B6EF-0B6CEDA6114C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{20C46D01-DDB3-40B5-B77D-7ACCE5D5B784}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{5509885B-48DC-4560-B5A3-F89A5465CEB4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5A801D4E-C962-4F23-A530-E929580A55FC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5BDA7A05-6A7A-4A67-B46B-CCC77EBA8D6F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7A0BC530-DFC8-45DD-94C3-E04287F0A822}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7D7445E3-A60E-4E30-B175-FF864D38D4C4}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{92867F26-CFC8-4197-B35F-15CBEDD8D8F1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9808610C-EDE3-4120-AB5A-9B266ED77750}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{983CEC1D-C500-459C-AD30-212B23BD12D6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ABC04D88-C909-44B7-9D32-51052258BB80}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C22961B0-1A8C-4409-8DBD-015ED68E2EE5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C3CF79B3-EF8E-4689-961E-6BEE7E9B0BF0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DEAE8377-5494-4225-923B-704A6D700B19}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F35DA868-0101-4AEB-A186-6A1E54923080}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{350986FD-4716-46D7-8EB3-431FCAF71DB0}C:\program files\football superstars\fspatchr.exe" = protocol=6 | dir=in | app=c:\program files\football superstars\fspatchr.exe |
"TCP Query User{9C62441C-4AC8-45E4-B432-B39802397404}C:\program files\boxee\boxee.exe" = protocol=6 | dir=in | app=c:\program files\boxee\boxee.exe |
"TCP Query User{C162CF6A-6348-4F3E-A1E4-21176D2E050D}C:\program files\football superstars\fsclientr.exe" = protocol=6 | dir=in | app=c:\program files\football superstars\fsclientr.exe |
"TCP Query User{EEE16596-7E45-4A8B-940B-7C00D47D74B6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{07F01D18-41BD-485E-BDFD-EFA0627241BC}C:\program files\football superstars\fspatchr.exe" = protocol=17 | dir=in | app=c:\program files\football superstars\fspatchr.exe |
"UDP Query User{2A800AB9-1EDE-4014-8E24-CE8B0672129E}C:\program files\boxee\boxee.exe" = protocol=17 | dir=in | app=c:\program files\boxee\boxee.exe |
"UDP Query User{576FB37D-302A-4B39-86E1-6DCAB0E60772}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CFD8E13D-74BC-4A97-92C8-004D056D29CE}C:\program files\football superstars\fsclientr.exe" = protocol=17 | dir=in | app=c:\program files\football superstars\fsclientr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDF840B-A50A-491E-BF44-6D6964C451A8}" = VGA USB Camera
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{5E564EB5-6BE3-4084-BEC0-627D637BBE8C}" = Easy-Link internet launch pad
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A8DEA40-B4AA-4687-B9F8-4E8185E65B05}" = Paint.NET v3.05
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91AFACB3-CA46-4C1E-AF2D-F72EE0B112E4}" = Personal Ancestral File Companion 5.2
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4F351C-60AC-43DC-A38B-5C5F05B6B015}" = Treo 750 User Guide
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A75AC597-EDCD-4FC7-94C5-2F72B52C95CA}" = Scrapbook Factory
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG8Uninstall" = AVG Free 8.5
"BluesCluesPreschoolDKey" = Blue's Preschool
"BOXEE" = Boxee
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CPATPWSUEW411" = Gleim CPA Test Prep 2011 WebDeploy
"Dragon Tales" = Dragon Tales
"FamilyInsight" = FamilyInsight
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 5.9
"GenSmarts_is1" = GenSmarts
"Google Desktop" = Google Desktop
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"PAF Insight" = PAF Insight
"Picasa 3" = Picasa 3
"RootsMagic_is1" = RootsMagic 3.2.2.0
"Scholastic's I SPY Junior" = Scholastic's I SPY Junior
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1141223913-1607684528-1371063967-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MusicManager" = Music Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/26/2011 9:55:11 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4009

Error - 8/26/2011 9:55:12 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/26/2011 9:55:12 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5023

Error - 8/26/2011 9:55:12 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5023

Error - 8/26/2011 9:55:13 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/26/2011 9:55:13 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6021

Error - 8/26/2011 9:55:13 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6021

Error - 8/26/2011 9:55:14 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/26/2011 9:55:14 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7020

Error - 8/26/2011 9:55:14 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7020

[ Media Center Events ]
Error - 5/31/2009 7:37:07 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/11/2009 9:17:26 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/18/2010 12:05:28 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 2/17/2012 10:20:59 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 2/19/2012 8:54:09 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 2/22/2012 12:28:52 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 2/22/2012 3:51:11 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2/23/2012 3:23:34 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 2/24/2012 5:40:56 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 2/24/2012 2:57:40 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2/24/2012 8:00:21 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2/25/2012 3:39:26 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 2/26/2012 4:09:20 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

#6
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

How is your Hotmail? Is it still sending e-mails to your contacts?

Your computer looks clean. Please run Eset Online Scanner to make sure.

Disable your antivirus software

  • Access the Eset Online Scanner website using the Internet Explorer browser.
    http://www.eset.com/...escan/index.php
  • Do the scan according to the image:

    Posted Image
  • At the end, check the box "Delete Quarantined files" and click [FINISH]
  • A log will be generated in C:\Program Files\EsetOnlineScanner\Log.txt
    PS: If you don't find the log.txt file in \EsetOnlineScanner\, look in \Program Files\Eset\EsetOnlineScanner\log.txt
  • Post that log.


#7
yoursangoma

    Member

  • Topic Starter
  • Member
  • 73 posts
There have not been any additional emails sent out, but last time this happened it was 8 days between the two occurrences. I will post the log later after running your recommendation.

#8
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Ok. I'm waiting.

#9
NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





