Here are the logs. Thank you!
OTL logfile created on: 8/10/2012 7:46:39 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Robert\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.70% Memory free
4.24 Gb Paging File | 2.34 Gb Available in Paging File | 55.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 213.54 Gb Free Space | 71.64% Space Free | Partition Type: NTFS
Computer Name: ROBERT-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/10 13:15:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/05 21:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/04/05 21:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/29 18:36:10 | 000,329,824 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/12/02 17:46:24 | 000,045,472 | ---- | M] (SOS Online Backup) -- C:\Program Files\SOS Online Backup\SMessaging.exe
PRC - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\nexdef.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/08/30 01:05:10 | 000,790,609 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/14 10:39:28 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012/06/14 10:38:04 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/14 10:17:52 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:17:42 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:17:15 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 03:33:28 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 03:41:33 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
MOD - [2012/05/10 03:40:01 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
MOD - [2012/05/10 03:40:00 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
MOD - [2012/05/10 03:39:58 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
MOD - [2012/05/10 03:39:57 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
MOD - [2012/05/10 03:39:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:39:30 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012/05/10 03:39:30 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012/05/10 03:39:30 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/10 03:39:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 03:37:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 03:36:52 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012/05/10 03:36:47 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 03:36:42 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 03:35:48 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 03:35:37 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 03:35:15 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/04/05 22:00:20 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/04/05 20:09:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011/08/11 10:27:44 | 000,159,744 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
MOD - [2011/08/11 10:27:44 | 000,069,632 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\rt\bin\java.dll
MOD - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\nexdef.exe
MOD - [2011/08/11 10:27:40 | 000,126,976 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\rt\bin\zip.dll
MOD - [2011/08/11 10:27:40 | 000,020,480 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/04/11 01:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/04/10 21:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 23:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/05 21:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stop_Pending] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/08/10 10:57:03 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A702AEA-180D-41F0-B40A-289683B659FD}\MpKsl188092f2.sys -- (MpKsl188092f2)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/06 00:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/04/05 20:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/23 07:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2009/09/05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/12/17 18:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/07/26 22:03:00 | 000,058,880 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2004/08/13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 A5 3E 75 10 C7 CC 01 [binary data]
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS464
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\..\SearchScopes\{CED4E89A-6302-4BA7-AD9A-B64A0C6926CD}: "URL" = http://websearch.ask.com/custom/java/re ... src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SMessaging] C:\Program Files\SOS Online Backup\SMessaging.exe (SOS Online Backup)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\..Trusted Domains: defensivedriving.com ([www] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B940A2B-7D4F-4FCB-BD4F-BD5A072957EC}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/10 13:15:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2012/08/10 10:50:48 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/08/10 10:50:00 | 000,000,000 | ---D | C] -- C:\20bd7077bd6e5ce283
[2012/08/10 10:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/10 10:45:45 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/08/10 10:01:30 | 010,288,512 | ---- | C] (Microsoft Corporation) -- C:\Users\Robert\Desktop\mseinstall.exe
[2012/08/07 14:07:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thinkorswim
[2012/08/07 11:04:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Malwarebytes
[2012/08/07 11:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/07 11:04:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/07 11:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/07 11:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/06 23:49:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Apps
[2012/08/06 13:22:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\dds.scr
[2012/08/06 12:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/06 12:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/08/06 12:34:57 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/06 12:34:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/06 12:34:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/06 12:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/06 12:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/17 12:46:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\101 Royal new listing 7.17.12
[2012/07/12 03:04:08 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
========== Files - Modified Within 30 Days ==========
[2012/08/10 18:49:13 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 18:49:13 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 13:15:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2012/08/10 10:56:51 | 000,639,404 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/10 10:56:51 | 000,117,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/10 10:50:07 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/10 10:49:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/10 10:01:37 | 010,288,512 | ---- | M] (Microsoft Corporation) -- C:\Users\Robert\Desktop\mseinstall.exe
[2012/08/10 03:18:57 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SOS Online Backup - rsmith@houstonsuburbanrealestate.com.job
[2012/08/08 11:54:19 | 000,045,051 | ---- | M] () -- C:\Users\Robert\Desktop\AgentInventory.pdf
[2012/08/08 09:12:59 | 000,013,710 | ---- | M] () -- C:\Users\Robert\Desktop\shadowtraderproswing.pdf
[2012/08/07 14:10:29 | 000,001,742 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\thinkorswim.lnk
[2012/08/07 11:04:06 | 000,000,930 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/07 11:04:06 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 13:20:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\dds.scr
[2012/08/06 12:33:59 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/06 12:33:59 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/03 15:20:35 | 000,598,666 | ---- | M] () -- C:\Users\Robert\Desktop\Layout1.pdf
[2012/08/03 14:55:49 | 000,305,767 | ---- | M] () -- C:\Users\Robert\Desktop\18 acre tract specifics.jpg
[2012/08/03 14:11:01 | 000,646,323 | ---- | M] () -- C:\Users\Robert\Desktop\Friendswood Comps 8.3.13.pdf
[2012/08/03 14:10:47 | 000,353,038 | ---- | M] () -- C:\Users\Robert\Desktop\Friendswood Comps 8.3.12.jpg
[2012/08/03 14:08:57 | 000,353,038 | ---- | M] () -- C:\Users\Robert\Documents\Friendswood listings.sales 8.3.12.jpg
[2012/08/03 10:59:06 | 000,665,858 | ---- | M] () -- C:\Users\Robert\Desktop\Comps.pdf
[2012/08/03 10:41:01 | 000,207,841 | ---- | M] () -- C:\Users\Robert\Desktop\Friendswood Properties for Sale.pdf
[2012/07/23 18:04:21 | 002,387,130 | ---- | M] () -- C:\Users\Robert\Desktop\1307 Jasmine Survey,Overview,Mls.pdf
[2012/07/23 13:58:31 | 000,183,099 | ---- | M] () -- C:\Users\Robert\Desktop\9 acres Gulf Fwy..pdf
[2012/07/23 13:38:04 | 000,705,982 | ---- | M] () -- C:\Users\Robert\Desktop\Addendum #2 18 acres.JPG
[2012/07/18 12:35:02 | 000,057,954 | ---- | M] () -- C:\Users\Robert\Desktop\FinAddendum.pdf
[2012/07/18 12:18:27 | 000,039,348 | ---- | M] () -- C:\Users\Robert\Desktop\Cma- Fairdale Oaks.pdf
[2012/07/16 14:41:48 | 000,101,048 | ---- | M] () -- C:\Users\Robert\Desktop\Royal 7.16.12.pdf
[2012/07/16 12:22:47 | 000,061,014 | ---- | M] () -- C:\Users\Robert\Desktop\high meadow listing.pdf
[2012/07/12 09:25:26 | 000,370,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/08/10 10:47:12 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/10 10:46:52 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/08 11:54:24 | 000,045,051 | ---- | C] () -- C:\Users\Robert\Desktop\AgentInventory.pdf
[2012/08/08 09:13:04 | 000,013,710 | ---- | C] () -- C:\Users\Robert\Desktop\shadowtraderproswing.pdf
[2012/08/07 14:07:26 | 000,001,742 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\thinkorswim.lnk
[2012/08/07 11:04:06 | 000,000,930 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/07 11:04:06 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/03 15:20:49 | 000,598,666 | ---- | C] () -- C:\Users\Robert\Desktop\Layout1.pdf
[2012/08/03 14:55:49 | 000,305,767 | ---- | C] () -- C:\Users\Robert\Desktop\18 acre tract specifics.jpg
[2012/08/03 14:11:20 | 000,646,323 | ---- | C] () -- C:\Users\Robert\Desktop\Friendswood Comps 8.3.13.pdf
[2012/08/03 14:10:47 | 000,353,038 | ---- | C] () -- C:\Users\Robert\Desktop\Friendswood Comps 8.3.12.jpg
[2012/08/03 14:08:57 | 000,353,038 | ---- | C] () -- C:\Users\Robert\Documents\Friendswood listings.sales 8.3.12.jpg
[2012/08/03 10:59:16 | 000,665,858 | ---- | C] () -- C:\Users\Robert\Desktop\Comps.pdf
[2012/08/03 10:40:59 | 000,207,841 | ---- | C] () -- C:\Users\Robert\Desktop\Friendswood Properties for Sale.pdf
[2012/07/23 18:04:21 | 002,387,130 | ---- | C] () -- C:\Users\Robert\Desktop\1307 Jasmine Survey,Overview,Mls.pdf
[2012/07/23 13:58:55 | 000,183,099 | ---- | C] () -- C:\Users\Robert\Desktop\9 acres Gulf Fwy..pdf
[2012/07/23 13:40:06 | 000,705,982 | ---- | C] () -- C:\Users\Robert\Desktop\Addendum #2 18 acres.JPG
[2012/07/18 12:35:13 | 000,057,954 | ---- | C] () -- C:\Users\Robert\Desktop\FinAddendum.pdf
[2012/07/18 12:19:07 | 000,039,348 | ---- | C] () -- C:\Users\Robert\Desktop\Cma- Fairdale Oaks.pdf
[2012/07/16 14:42:08 | 000,101,048 | ---- | C] () -- C:\Users\Robert\Desktop\Royal 7.16.12.pdf
[2012/07/16 12:23:07 | 000,061,014 | ---- | C] () -- C:\Users\Robert\Desktop\high meadow listing.pdf
[2012/04/18 01:34:09 | 000,003,584 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/05 22:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/03/25 13:15:24 | 014,776,568 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\SMRBackup250.dat
[2012/01/10 16:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/01/05 13:34:33 | 000,000,367 | ---- | C] () -- C:\Windows\System32\CNCMFP12.INI
[2012/01/02 18:05:43 | 000,125,265 | ---- | C] () -- C:\Users\Robert\3311 Pochivalova.offer.pdf
[2012/01/02 18:04:02 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/01/02 17:55:04 | 000,000,088 | ---- | C] () -- C:\Users\Robert\.java.policy
[2011/12/30 11:04:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/12/29 14:03:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/12/29 14:03:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/12/29 14:02:37 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/12/29 09:47:11 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2011/12/15 19:08:25 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2011/12/15 18:54:13 | 000,000,072 | ---- | C] () -- C:\Windows\VSWizard.ini
[2011/12/14 16:16:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/14 14:55:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011/12/14 14:55:07 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011/12/14 14:55:05 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2011/12/14 14:55:05 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2011/12/14 14:39:21 | 000,000,680 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/04/20 02:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
========== LOP Check ==========
[2011/12/30 13:53:51 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\WinPatrol
[2012/08/10 10:47:34 | 000,032,478 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/10 03:18:57 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\SOS Online Backup - rsmith@houstonsuburbanrealestate.com.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 164 bytes -> C:\Users\Robert\Desktop\Addendum #2 18 acres.JPG:3or4kl4x13tuuug3Byamue2s4b
< End of report >
OTL Extras logfile created on: 8/10/2012 7:46:39 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Robert\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.70% Memory free
4.24 Gb Paging File | 2.34 Gb Available in Paging File | 55.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 213.54 Gb Free Space | 71.64% Space Free | Partition Type: NTFS
Computer Name: ROBERT-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4B09CEF2-D4F0-4176-BEB1-AD24DCF0DE50}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{D2174FDF-382C-489D-9372-EF216E15C3DF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0372D390-0CF8-43F8-84D4-E6A72501D083}" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
"{14154303-7F68-47AB-99F2-C12FE8DDB66F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{675943C2-A11D-4C93-B3C2-63F465B7D7C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8BAD41BE-042B-4C6C-B92F-AEA4645EA3DD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{AC6A2EE3-6290-42D5-A85B-AC5E50D5A62A}" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
"{CAD0A3B1-8106-4DB2-8D33-3E83D8394A07}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{37B222CF-E961-4E6D-BC6D-74E6F502AF68}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
"UDP Query User{D80B2998-A977-4575-ABC2-9384677AED73}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F897E00-83A6-4133-54E1-58F8D35E61C2}" = AMD Catalyst Install Manager
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2FC92BF4-F8BB-755F-755C-D756383C4CF3}" = ccc-utility
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A588B888-30D2-4F16-9139-91FE8836DCE3}" = SOS Online Backup
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Autobahn" = NexDef Plug-in
"Belkin Network USB Hub Control Center" = Belkin Network USB Hub Control Center
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"thinkorswim" = thinkorswim
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 8/4/2012 12:58:09 AM | Computer Name = Robert-PC | Source = Symantec AntiVirus | ID = 16711731
Description =
Error - 8/5/2012 3:41:25 AM | Computer Name = Robert-PC | Source = VSS | ID = 8194
Description =
Error - 8/6/2012 3:41:26 AM | Computer Name = Robert-PC | Source = VSS | ID = 8194
Description =
Error - 8/7/2012 12:02:51 PM | Computer Name = Robert-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 8/9/2012 3:41:32 AM | Computer Name = Robert-PC | Source = VSS | ID = 8194
Description =
Error - 8/9/2012 10:19:36 AM | Computer Name = Robert-PC | Source = Application Error | ID = 1000
Description = Faulting application IeEmbed.exe, version 0.9.1.0, time stamp 0x45497884,
faulting module jscript.dll, version 5.8.6001.19163, time stamp 0x4e9d1a54, exception
code 0xc0000005, fault offset 0x00014e6f, process id 0x10ac, application start time
0x01cd7639db46ccc5.
Error - 8/9/2012 10:21:42 AM | Computer Name = Robert-PC | Source = Application Hang | ID = 1002
Description = The program thinkorswim.exe version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1598 Start Time: 01cd7639c7866745 Termination Time: 406
Error - 8/10/2012 3:41:34 AM | Computer Name = Robert-PC | Source = VSS | ID = 8194
Description =
Error - 8/10/2012 11:05:41 AM | Computer Name = Robert-PC | Source = Symantec AntiVirus | ID = 16711754
Description =
Error - 8/10/2012 11:07:12 AM | Computer Name = Robert-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108866
Description = Function: ConnectIfc::sendRequest File: .\ConnectIfc.cpp Line: 3036 Invoked
Function: CTransport::SendRequest Return Code: -29949932 (0xFE370014) Description:
CTRANSPORT_ERROR_CONNECT
Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108866
Description = Function: ConnectIfc::connect File: .\ConnectIfc.cpp Line: 452 Invoked
Function: ConnectIfc::sendRequest Return Code: -29949932 (0xFE370014) Description:
CTRANSPORT_ERROR_CONNECT
Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108866
Description = Function: ConnectIfc::TranslateStatusCode File: .\ConnectIfc.cpp Line:
2874 Invoked Function: ConnectIfc::TranslateStatusCode Return Code: -29949932 (0xFE370014)
Description:
CTRANSPORT_ERROR_CONNECT Connection attempt has failed due to network or PC issue.
Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108866
Description = Function: ConnectMgr::doConnectIfcConnect File: .\ConnectMgr.cpp Line:
1867 Invoked Function: ConnectIfc::connect Return Code: -29949932 (0xFE370014) Description:
CTRANSPORT_ERROR_CONNECT
Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 2315
Content
type (unknown) received. Response type (failed) from client.vpn.lsu.edu :
Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::connect File: .\ConnectMgr.cpp Line: 1922 ConnectMgr::processIfcData
failed
Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::initiateConnect File: .\ConnectMgr.cpp Line: 983
Connection
failed.
Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::OnIpcMessageReceivedAtDepot File: .\MainThread.cpp
Line:
4315 Invoked Function: CNotifyAgentPreTunnelTlv Return Code: -32374782 (0xFE120002)
Description:
TLV_ERROR_BAD_PARAMETER
Error - 1/25/2012 4:23:56 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108866
Description = Function: ConnectMgr::run File: .\ConnectMgr.cpp Line: 568 Invoked Function:
ConnectMgr::initiateConnect Return Code: -29556727 (0xFE3D0009) Description: CONNECTMGR_ERROR_UNEXPECTED
Error - 1/25/2012 4:25:00 PM | Computer Name = Robert-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
[ System Events ]
Error - 7/11/2012 8:35:01 PM | Computer Name = Robert-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:35:20 PM on 7/11/2012 was unexpected.
Error - 7/19/2012 7:43:05 PM | Computer Name = Robert-PC | Source = DCOM | ID = 10005
Description =
Error - 7/19/2012 7:43:08 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 7/19/2012 7:43:08 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 7/19/2012 7:43:23 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 7/19/2012 7:43:23 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 7/26/2012 9:53:12 PM | Computer Name = Robert-PC | Source = bowser | ID = 8003
Description =
Error - 8/3/2012 11:13:30 PM | Computer Name = Robert-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:09:25 PM on 8/3/2012 was unexpected.
Error - 8/3/2012 11:16:40 PM | Computer Name = Robert-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:14:30 PM on 8/3/2012 was unexpected.
Error - 8/6/2012 2:18:41 PM | Computer Name = Robert-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:15:43 PM on 8/6/2012 was unexpected.
< End of report >