Hey askey127
Thanks for the heads up about P2P. It is gone. Here are the other scans.
______________________________________________________________________________________________
OTL logfile created on: 12/19/2011 4:43:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
893.76 Mb Total Physical Memory | 216.47 Mb Available Physical Memory | 24.22% Memory free
2.00 Gb Paging File | 0.92 Gb Available in Paging File | 45.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102.95 Gb Total Space | 43.29 Gb Free Space | 42.05% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 1.20 Gb Free Space | 13.53% Space Free | Partition Type: NTFS
Computer Name: CONNER | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/12/19 16:40:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 22:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
========== Modules (No Company Name) ==========
MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (CinemaNow Service)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/10/09 20:59:37 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011/12/19 16:21:26 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0ABD9DE1-1B92-4821-A631-6DFFD167A8B9}\MpKsl46ebd9f0.sys -- (MpKsl46ebd9f0)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/09/28 02:07:04 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/11/13 20:20:48 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 13:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 17:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2004/09/29 15:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
IE - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z129&ocid=zdhp&i ... e=20111130
IE - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.xfinity.com/customer/start/? ... te09292011
IE - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Kevin\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/12/25 23:19:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/23 14:08:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/23 14:08:21 | 000,000,000 | ---D | M]
[2011/11/30 08:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900 File not found
O4 - HKLM..\Run: [CinemaNowMediaManagerApp] File not found
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-615362757-4080515931-4032410649-1000..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-615362757-4080515931-4032410649-1000\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E47B999D-EBB8-4B61-981A-ACA8A0FF513D}: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/06 09:49:35 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a829fe7-fe61-11de-bc8c-001e90707575}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/19 16:40:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2011/12/18 11:39:52 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/18 11:39:50 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/18 11:39:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/18 11:39:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/18 11:39:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/18 11:39:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/18 10:54:19 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/12/17 20:09:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Facebook
[2011/12/15 13:36:43 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 13:36:34 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 13:36:34 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 13:36:31 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 13:36:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 13:35:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/06 08:31:20 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/04 12:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/02 09:18:33 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\DriverCure
[2011/12/02 09:18:32 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\SpeedyPC Software
[2011/12/02 09:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2011/11/30 08:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/11/30 08:24:55 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Mozilla
[2011/11/28 08:23:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/24 15:41:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\canon
[2011/11/24 15:37:02 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\ZoomBrowser EX
[2011/11/24 15:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2011/11/24 15:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011/11/24 15:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/11/24 15:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Users\Kevin\Desktop\*.tmp files -> C:\Users\Kevin\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/12/19 16:40:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2011/12/19 16:22:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/19 16:11:25 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 16:11:25 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 14:14:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000UA.job
[2011/12/18 23:22:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/18 20:14:06 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000Core.job
[2011/12/18 16:11:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 12:16:50 | 000,423,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/18 11:24:15 | 000,000,260 | ---- | M] () -- C:\Windows\System32\cmdVBS.vbs
[2011/12/18 11:24:15 | 000,000,256 | ---- | M] () -- C:\Windows\System32\MSIevent.bat
[2011/12/09 18:17:07 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/09 18:17:07 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/06 08:38:39 | 000,007,052 | ---- | M] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2011/12/06 08:31:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/24 15:12:24 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011/11/24 15:11:37 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2011/11/24 15:11:35 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2011/11/24 15:10:57 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2011/11/23 08:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Users\Kevin\Desktop\*.tmp files -> C:\Users\Kevin\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/17 20:09:34 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000UA.job
[2011/12/17 20:09:30 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000Core.job
[2011/11/24 15:12:24 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011/11/24 15:11:37 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2011/11/24 15:11:35 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2011/11/24 15:10:57 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2011/08/23 14:07:29 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2011/01/12 18:20:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/24 19:14:18 | 000,004,096 | -H-- | C] () -- C:\Users\Kevin\AppData\Local\keyfile3.drm
[2009/11/20 17:05:08 | 000,007,052 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat
[2009/11/20 17:04:56 | 000,000,024 | ---- | C] () -- C:\ProgramData\CinemaNowSvc.ini
[2009/09/18 06:03:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/18 06:03:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/09/18 02:00:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/11 21:35:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/09/11 21:32:24 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/07/06 17:44:48 | 000,029,260 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\UserTile.png
[2008/05/11 16:08:13 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat.temp
[2008/05/03 17:56:46 | 000,000,590 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat
[2008/05/01 19:22:59 | 000,147,097 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2008/05/01 19:22:57 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2008/05/01 18:55:53 | 000,108,073 | ---- | C] () -- C:\Windows\hpqins01.dat
[2008/04/30 20:58:32 | 000,164,775 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/04/30 20:58:32 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2008/04/17 15:37:55 | 000,048,128 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/17 14:11:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/11 13:27:32 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/12/06 09:40:18 | 000,107,370 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/12/06 09:24:51 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/12/06 09:22:52 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/12/06 09:22:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/07/19 10:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,423,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== LOP Check ==========
[2008/10/13 22:54:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Any Video Converter
[2011/11/24 15:41:06 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\canon
[2011/12/02 09:18:33 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DriverCure
[2010/02/10 21:27:50 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Facebook
[2010/07/31 17:24:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Leadertech
[2008/07/06 17:44:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\PeerNetworking
[2010/06/29 21:08:43 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Quicken WillMaker
[2011/06/25 22:23:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Samsung
[2008/04/04 16:16:55 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Snapfish
[2011/12/02 09:18:32 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SpeedyPC Software
[2011/07/05 12:45:03 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TechWizard
[2008/05/03 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Template
[2008/10/11 16:06:36 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WildTangent
[2008/05/18 17:32:12 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WinBatch
[2011/12/18 20:14:06 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000Core.job
[2011/12/19 14:14:02 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-615362757-4080515931-4032410649-1000UA.job
[2011/12/18 14:02:40 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
________________________________________________________________________________________________
OTL Extras logfile created on: 12/19/2011 4:43:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
893.76 Mb Total Physical Memory | 216.47 Mb Available Physical Memory | 24.22% Memory free
2.00 Gb Paging File | 0.92 Gb Available in Paging File | 45.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102.95 Gb Total Space | 43.29 Gb Free Space | 42.05% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 1.20 Gb Free Space | 13.53% Space Free | Partition Type: NTFS
Computer Name: CONNER | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ED0A34B-AE2D-46F9-A2DA-C9CD3F5424D7}" = lport=5900 | protocol=6 | dir=in | name=arejygtw784 |
"{15F141E1-C651-45B9-BFD4-79CD2C6E4D38}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{185E53CB-435C-4CCD-B295-99E1F061AB42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{18A11E86-8139-44D4-834A-166877B80A26}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C3ADB37-A1A9-47DF-857B-C0288D150D09}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B1CA485-1E5E-4AB7-AEB9-620DB63E293F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D22D98B-B96D-4E9B-A384-F0B5A9BC0D5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A10A22F-8DD5-4A0E-9889-4CDC8ED1D280}" = lport=3390 | protocol=6 | dir=in | app=system |
"{3ECECE57-7315-4D28-882F-9B6D40D86D05}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3F199292-1DDF-4280-8650-36E7D1C17DAF}" = rport=10244 | protocol=6 | dir=out | app=system |
"{4C1EEA3B-3B17-4246-927D-2B7EE32C0C82}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FF111A7-17A4-4E62-BF78-22E15EDACDB8}" = lport=3390 | protocol=6 | dir=in | app=system |
"{63671C0C-88C6-42B0-8DBA-5E73F6E041A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6800296D-95A6-4BB5-998F-1186468C9286}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{69B3E754-1599-4C6C-95CC-9C5730C2E8C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{728262CC-8B6E-4431-A825-369C024D6266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BA8D53E-C33E-412A-94F4-9A372C368372}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83A44266-CF2D-40F7-A000-09DAA65C5F8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A05BF88-94BF-49B4-8DAD-877FEFEBAD4F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C8720FF-BF3B-44A0-A142-7CA3EE517184}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9022BF86-83BE-4B62-9EB8-D9CCA38AB2C1}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{94E1CBC1-389F-41BB-8D96-B5CDED26DE77}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{94E31D38-7864-4EC8-AEE5-D4CE8EFCB63B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9BA5DE78-ECFF-449A-A69F-80AC97C9C91E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E1F8B5D-670F-42ED-AC8F-A62CE6B8BEB6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A00B818D-639C-468A-B348-43D02AACD69B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0E4D87A-90A1-4BC8-AEAF-6ACEF92D2B92}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A577EB1A-4EF1-4B3D-B4C3-48EFA5264CFD}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{AEEB7BD1-51C8-4D0A-9906-0C2D463A457C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BEFDA72A-A117-41F8-8053-4AB7998A7F96}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C975FB6C-3125-4114-BC3F-F09A4547B5D1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C9FB4A98-22A8-4755-973A-8A8866B69715}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D093C35C-B6ED-4813-B427-101662164112}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D1246F6E-1299-4BC2-B978-558FCD728D6B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5F15B6C-D164-45FB-B7B9-59CCE6CDCA69}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D641270C-B370-49C5-83CD-CC959DE33519}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D6E5504F-8C33-4F23-9199-7A956E2DA669}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E1D4E074-C1A8-48EF-8481-4BDC1980B449}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{E91D245A-08D0-4C11-9B7C-2F71DD10FDA6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F529F621-FB21-4CB0-9CF1-5A8E7FC15CA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F85A42BD-368A-48D6-882B-3588864FAC1D}" = rport=10244 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0247B87E-FD61-4390-8B5C-F9A9297AB231}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{03BBF7A8-654C-4F46-A4F9-DC52FE578B5E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{05361BBB-9772-48CD-9DF7-822A35F519D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0FA23DA9-32CD-4944-86F3-CE28766A55C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{156DE949-22B9-4334-8225-CF2CA827CB80}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1E499903-9DEA-445E-ADEC-D821482E69BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F1EBF2F-84F0-4862-B561-E97412B78086}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2176C71C-4365-42EF-8B80-2DDE4059A3CB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{23D52A96-424E-4EB0-97D3-94AA13F43B7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2CBBCCFC-CB04-4176-A73B-D815D11F1416}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{2E20E8CC-A348-43A4-B7C2-7F77B3288E9A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{31967652-674A-478F-B0DD-09F7B17445F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{349147F5-D243-4C52-80D1-D630F6344787}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{357C0DA0-3CF6-420E-BC1F-3178CFA785F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{38979077-B8BF-42A8-B4B0-4FCC7FC47721}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{3CF6EB73-0E88-4F6F-A01A-08DA8D1CC0CC}" = protocol=6 | dir=out | app=system |
"{4A083ACA-84AD-43E7-8A32-6FFFB9A27B66}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{4C89E2BD-E65B-428A-B1FC-717F1653D386}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{4E4FD12A-7E5C-43C9-B400-B73788187AC2}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{57D507B2-3A86-4648-869B-752DFF60EB40}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{5FC63794-CA34-45E0-9BA5-1A9A5FE0D00B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AFD231E-A76F-4925-8A32-2B09E5708053}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E9F2245-4626-4626-82C8-5289E8B79590}" = protocol=17 | dir=in | app=c:\program files\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{729AAB78-B282-412C-B70F-7930A8BE3865}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81150EF4-C9BC-442F-A672-B74CFD514636}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{84D9AFA6-60F3-472B-B7E1-6F5B82B1F492}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{872F7578-0E64-4ACF-B0FC-DA0822031106}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{905870E9-CB2B-4FBF-B808-448119E0D51A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{937E70DB-F7B4-46F7-BE49-23825EC5447A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9774C23F-8914-4A73-9E97-F0038F2AA052}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B72E89E-CA8F-4F6C-921D-A23878D0EC6B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{A103BA68-B0CF-404B-B3FB-C690B691B7A9}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{A32B85FE-59E1-4C67-8362-B41934F2692C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A3C5D3D7-570A-4E94-8897-6C16E4289B16}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B08C9E18-CD90-4462-8F8F-EF536A3ABA97}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{B800253B-6F42-4689-947D-5A326C065CF6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{B861C5B1-0C38-4575-93CB-6826C8C334F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9E42C76-F881-4E10-9FBB-756AA5B0B73D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C09C8A67-895B-4CD6-B959-1A5B4E46AA7E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C77F4B02-4DFF-4B40-853D-6D2098DA49CE}" = protocol=6 | dir=in | app=c:\program files\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{C9103999-7915-42C7-A7C9-1407E7426590}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC0D2874-E1B0-4A85-A114-A7B644D82E0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D21A7DA1-4A30-484D-9AFF-A191B676B659}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{D4AA08A2-8343-43B2-9D2D-1A5890772F56}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DEFFBFA7-F451-4C3A-9DC4-D751BB790295}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{E19BA1EA-7073-4256-8E42-6FF50200A7F2}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E3C94DB1-C208-4500-B8E4-C6F1D6CA6AB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{E6416419-53D8-41F2-A49C-468AFE4304BE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{E89BE4CD-8D56-412A-881D-DB9477FE43A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E920671E-18DD-4863-8C60-31F502B7A34D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{EA5CC671-45E5-4D71-8FD5-29E800B70503}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EC87BA5A-BE4E-4C3F-8C86-7EECA93AECE4}" = protocol=6 | dir=in | app=c:\program files\cinemanow\cinemanow media manager\cnupdater.exe |
"{EEDBF9B1-E1F0-4B4C-9B0A-F49A8499161D}" = protocol=17 | dir=in | app=c:\program files\cinemanow\cinemanow media manager\cnupdater.exe |
"{F04A2D95-78F7-433B-94D7-98BBEE59E413}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{F204B556-E2C6-4C0E-ABFF-428F5A8281AF}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F2E349B1-8861-47BE-B2F5-A5BEEE8C94FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{F720CCB7-535A-488B-9E1F-4A6915A3C164}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{FCFA3356-D092-4096-8342-F75CA3CDBA12}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{FF27CB8B-843F-42AE-BAFA-676670479CDD}" = dir=in | app=c:\users\kevin\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{1296F66A-5FD1-49EE-9869-FDCC16CCCC3C}C:\program files\steam\steamapps\gunn3rzer0\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\gunn3rzer0\half-life\hl.exe |
"TCP Query User{5F71CB5F-9BCA-437E-BE2A-11436A4DA2AE}C:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{660A1403-59E8-4EBB-92B7-AF86A9E372FF}J:\techwizard.exe" = protocol=6 | dir=in | app=j:\techwizard.exe |
"TCP Query User{93E3F2B5-70F1-48B5-B57A-4A19D8E15273}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A0D5C37B-068A-440E-B31B-F517CFE3AACF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{D0510EF3-5C88-4960-9590-22C060408538}C:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{4365C50E-D419-44D3-B721-4763D3A17079}J:\techwizard.exe" = protocol=17 | dir=in | app=j:\techwizard.exe |
"UDP Query User{73A33DF5-4DF2-4DD4-8CE6-74F8A054C3C9}C:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{8AB0EE02-2D6A-491F-AA1B-96FD2C4746E5}C:\program files\steam\steamapps\gunn3rzer0\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\gunn3rzer0\half-life\hl.exe |
"UDP Query User{8FF92EC7-F00A-4DCE-94AC-CEE5076D8F21}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{A5828AC3-AACE-4A2D-9AB1-7CD8DD158E44}C:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\kevin\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{E331089B-7D19-494F-AA62-05E28E553D27}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 29
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9FA93155-472F-4778-87A8-95244FD1535D}" = OLYMPUS Master 2
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Belarc Advisor" = Belarc Advisor 7.2
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"Google Updater" = Google Updater
"Hoyle Crosswords-Sudoku" = Hoyle Crosswords-Sudoku
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Quicken WillMaker 2010" = Quicken WillMaker 2010
"RealVNC_is1" = VNC Free Edition 4.1.2
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 5" = Dedicated Server
"Steam App 70" = Half-Life
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"xfin_portal" = XFINITY Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-615362757-4080515931-4032410649-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/13/2011 6:33:15 PM | Computer Name = Conner | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 13e4 Start Time: 01cc59f49b855c90 Termination Time: 11574
Error - 8/17/2011 3:56:09 PM | Computer Name = Conner | Source = MsiInstaller | ID = 11905
Description =
Error - 8/19/2011 9:41:35 AM | Computer Name = Conner | Source = Application Error | ID = 1000
Description = Faulting application hpasset.exe, version 3.0.0.3, time stamp 0x4ab90f9f,
faulting module hpasset.exe, version 3.0.0.3, time stamp 0x4ab90f9f, exception
code 0xc0000005, fault offset 0x0003f1c9, process id 0x1344, application start time
0x01cc5e75ae513457.
Error - 8/23/2011 3:45:26 PM | Computer Name = Conner | Source = VSS | ID = 8194
Description =
Error - 8/31/2011 9:09:10 PM | Computer Name = Conner | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f08 Start Time: 01cc684396687e79 Termination Time: 10
Error - 9/2/2011 7:56:05 AM | Computer Name = Conner | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: dbc Start Time: 01cc6966f273c500 Termination Time: 330
Error - 9/2/2011 9:05:15 AM | Computer Name = Conner | Source = Application Error | ID = 1000
Description = Faulting application hpasset.exe, version 3.0.0.3, time stamp 0x4ab90f9f,
faulting module hpasset.exe, version 3.0.0.3, time stamp 0x4ab90f9f, exception
code 0xc0000005, fault offset 0x0003f1c9, process id 0x11c4, application start time
0x01cc6970cb1ef7e0.
Error - 9/4/2011 4:03:50 PM | Computer Name = Conner | Source = Application Error | ID = 1000
Description = Faulting application stxmenumgr.exe, version 4.7.0.10, time stamp
0x4abdb427, faulting module MSVCR80.dll, version 8.0.50727.6195, time stamp 0x4dcddbf3,
exception code 0x40000015, fault offset 0x000046b4, process id 0xa2c, application
start time 0x01cc6966b7d80be0.
Error - 9/9/2011 9:04:27 AM | Computer Name = Conner | Source = Application Error | ID = 1000
Description = Faulting application hpasset.exe, version 3.0.0.3, time stamp 0x4ab90f9f,
faulting module hpasset.exe, version 3.0.0.3, time stamp 0x4ab90f9f, exception
code 0xc0000005, fault offset 0x0003f1c9, process id 0x148c, application start time
0x01cc6ef0f261bdc0.
Error - 9/15/2011 6:12:08 AM | Computer Name = Conner | Source = Windows Search Service | ID = 7040
Description =
[ Media Center Events ]
Error - 5/30/2008 5:31:21 AM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 5/31/2008 11:26:25 AM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 6/2/2008 1:15:17 AM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 6/4/2008 3:23:53 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 6/7/2008 2:00:21 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 7/10/2008 5:38:36 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 7/25/2008 5:45:53 AM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 9/8/2008 3:31:42 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 11/22/2008 3:09:18 AM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 1/5/2010 8:46:32 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 12/18/2011 11:43:30 AM | Computer Name = Conner | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:42:55 AM on 12/18/2011 was unexpected.
Error - 12/18/2011 11:45:53 AM | Computer Name = Conner | Source = Service Control Manager | ID = 7022
Description =
Error - 12/18/2011 11:45:53 AM | Computer Name = Conner | Source = Service Control Manager | ID = 7026
Description =
Error - 12/18/2011 1:19:45 PM | Computer Name = Conner | Source = Service Control Manager | ID = 7022
Description =
Error - 12/18/2011 1:19:45 PM | Computer Name = Conner | Source = Service Control Manager | ID = 7026
Description =
Error - 12/18/2011 3:06:36 PM | Computer Name = Conner | Source = Service Control Manager | ID = 7022
Description =
Error - 12/18/2011 3:06:37 PM | Computer Name = Conner | Source = Service Control Manager | ID = 7026
Description =
Error - 12/18/2011 5:11:16 PM | Computer Name = Conner | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:36:01 PM on 12/18/2011 was unexpected.
Error - 12/18/2011 5:13:30 PM | Computer Name = Conner | Source = Service Control Manager | ID = 7022
Description =
Error - 12/18/2011 5:13:32 PM | Computer Name = Conner | Source = Service Control Manager | ID = 7026
Description =
< End of report >
_________________________________________________________________________________________________
SystemLook 30.07.11 by jpshortstuff
Log created at 16:53 on 19/12/2011 by Kevin
Administrator - Elevation successful
========== Filefind ==========
Searching for "*mpdetection*"
C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MPDetection-10132011-010903.log --a---- 14378 bytes [05:09 13/10/2011] [01:44 17/11/2011] C6F6100E4EFF7D600619C863D71490EA
C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MPDetection-11172011-082450.log --a---- 25692 bytes [13:24 17/11/2011] [04:59 18/12/2011] F80BFF5DB768507BAFBCB8C015B81C93
C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MPDetection-12182011-104329.log --a---- 2380 bytes [15:43 18/12/2011] [21:21 19/12/2011] EB092582FD2C2F8E49F0C73A691FD42C
C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-10132011-010903.log --a---- 14378 bytes [05:09 13/10/2011] [01:44 17/11/2011] C6F6100E4EFF7D600619C863D71490EA
C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-11172011-082450.log --a---- 25692 bytes [13:24 17/11/2011] [04:59 18/12/2011] F80BFF5DB768507BAFBCB8C015B81C93
C:\Users\All Users\Microsoft\Microsoft Antimalware\Support\MPDetection-12182011-104329.log --a---- 2380 bytes [15:43 18/12/2011] [21:21 19/12/2011] EB092582FD2C2F8E49F0C73A691FD42C
-= EOF =-
_________________________________________________________________________________________________
-Jaded