Post by: Mr Bell on March 07, 2010, 07:24:28 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:23 PM, on 2/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Singlesnet] C:\Program Files\Singlesnet\Singlesnet\Singlesnet.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (http://\"http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab\")
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7971 bytes
Post by: guestolo on March 07, 2010, 07:54:31 PM
Can you do the following
Download [color=\"#FF0000\"]OTL.exe[/color] (http://\"http://oldtimer.geekstogo.com/OTL.exe\")[/url] by OldTimer to your Desktop.
- Close all windows and right click on OTL.exe and choose to "Run as Administrator"
- Ensure there is a tick beside Safelist under "Extra Registry"
- Click Run Scan and let the program run uninterrupted.
- It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
- You may need to use two posts to get it all.
NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"
Post by: Mr Bell on March 08, 2010, 04:01:29 PM
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Randy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.83 Gb Total Space | 458.38 Gb Free Space | 78.11% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 1.26 Gb Free Space | 13.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RANDY-PC
Current User Name: Randy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
PRC - [2010/02/11 13:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/07 12:04:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Randy\Desktop\OTL.exe
PRC - [2010/01/26 19:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2010/01/02 01:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/12/11 15:45:10 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/12/11 15:44:40 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/12/09 20:27:22 | 000,107,832 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
PRC - [2009/04/22 17:38:50 | 000,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/22 17:37:16 | 000,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/01 15:44:24 | 000,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2008/01/20 21:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/10/25 04:52:08 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/10/18 06:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/03/11 21:32:42 | 000,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007/03/11 21:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
MOD - [2010/02/07 12:04:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Randy\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/11 15:44:40 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/12/09 20:27:22 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/12/08 19:36:01 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/08/01 15:44:24 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/05/02 21:46:00 | 000,118,784 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/02/01 17:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/19 16:54:04 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/10/18 06:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/09/19 19:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/08/16 09:56:16 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/08/16 09:56:14 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/08/16 09:56:10 | 001,092,080 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/07/24 06:14:08 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 06:14:06 | 000,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/07/23 18:33:06 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
DRV - [2010/02/11 13:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 13:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 13:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 13:38:45 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/02/11 13:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/11 16:03:58 | 005,188,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/12/11 16:03:58 | 005,188,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/12/11 14:50:52 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/11/18 18:24:50 | 000,097,792 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/04/17 12:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/01/20 21:24:49 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/14 12:48:16 | 000,005,120 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2007/12/11 16:06:00 | 008,238,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/12/07 10:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/12/07 10:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/11/17 14:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/25 05:26:10 | 002,015,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/08/14 15:49:42 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdTools.sys -- (AmdTools)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/05/31 14:39:50 | 000,022,656 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/05/01 04:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/18 11:24:58 | 000,026,496 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006/06/19 09:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop\")
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop\")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop\")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop\")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=\"#E56717\"]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "http://tpgleague.org/dod6/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
[2008/07/07 10:43:54 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Mozilla\Extensions
[2010/02/06 22:58:43 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions
[2009/05/17 22:07:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/20 15:24:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD_Display] File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [Singlesnet] C:\Program Files\Singlesnet\Singlesnet\Singlesnet.exe (Singlesnet.com)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab\") (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab\") (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab\") (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (http://\"http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab\") (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Randy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Randy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/04 12:38:24 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010/02/24 05:27:44 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/24 05:27:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 05:27:09 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 05:27:07 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 05:27:04 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 05:27:01 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 05:27:01 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 05:27:01 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 05:27:01 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 05:27:01 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 05:27:01 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/24 05:26:59 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/24 05:26:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/24 05:26:58 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/21 18:33:05 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/02/21 18:33:05 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/02/21 18:33:05 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/02/21 18:33:05 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/02/21 18:33:05 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/02/21 18:32:48 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/02/21 18:32:48 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/02/21 18:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/02/21 18:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/20 15:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/02/20 15:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/02/16 20:57:10 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\Malwarebytes
[2010/02/16 20:57:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/16 20:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/16 20:57:04 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/16 20:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/16 20:42:16 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/16 20:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/02/16 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/02/16 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/02/16 20:16:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer
[2010/02/16 20:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/02/16 19:58:09 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Randy\Desktop\TFC.exe
[2010/02/10 04:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/02/10 00:46:24 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 00:46:24 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 00:46:19 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 00:46:19 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 00:46:19 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 00:46:19 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/07 12:04:09 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Randy\Desktop\OTL.exe
[2010/02/06 23:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
[2010/03/08 06:00:29 | 002,621,440 | -HS- | M] () -- C:\Users\Randy\ntuser.dat
[2010/03/08 04:14:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/08 04:14:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/07 23:46:51 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{28D1FB17-9CF7-4CFB-81CF-C67481596A42}.job
[2010/03/06 21:52:48 | 005,760,054 | ---- | M] () -- C:\Users\Randy\Desktop\Avery.bmp
[2010/03/03 17:17:00 | 000,004,002 | ---- | M] () -- C:\Users\Randy\Desktop\27198_350812913480_515108480_3663949_5960307_s[1].jpg
[2010/03/03 17:17:00 | 000,003,367 | ---- | M] () -- C:\Users\Randy\Desktop\27198_350809413480_515108480_3663940_6591763_s[1].jpg
[2010/03/03 17:17:00 | 000,003,219 | ---- | M] () -- C:\Users\Randy\Desktop\27198_350811778480_515108480_3663947_4728312_s[1].jpg
[2010/03/02 18:18:41 | 000,734,432 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/02 18:18:41 | 000,625,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/02 18:18:41 | 000,113,260 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/02 18:14:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/02 18:14:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/02 18:14:12 | 3219,587,072 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/28 13:01:03 | 000,524,288 | -HS- | M] () -- C:\Users\Randy\ntuser.dat{8d8710fc-53af-11dd-b4d5-001fc65ea5ce}.TMContainer00000000000000000001.regtrans-ms
[2010/02/28 13:01:03 | 000,065,536 | -HS- | M] () -- C:\Users\Randy\ntuser.dat{8d8710fc-53af-11dd-b4d5-001fc65ea5ce}.TM.blf
[2010/02/28 13:00:42 | 004,309,740 | -H-- | M] () -- C:\Users\Randy\AppData\Local\IconCache.db
[2010/02/25 04:57:26 | 000,088,208 | ---- | M] () -- C:\Users\Randy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 03:18:44 | 000,334,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/21 18:33:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/02/21 18:33:05 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/02/20 15:59:12 | 000,000,790 | ---- | M] () -- C:\Users\Randy\AppData\Roaming\wklnhst.dat
[2010/02/18 17:39:13 | 000,001,910 | ---- | M] () -- C:\Users\Randy\Desktop\HijackThis.lnk
[2010/02/16 20:57:09 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/16 20:45:45 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/02/16 20:18:22 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/02/16 19:58:10 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Randy\Desktop\TFC.exe
[2010/02/11 13:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/02/11 13:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/02/11 13:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/02/11 13:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/02/11 13:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/02/11 13:38:45 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/02/11 13:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/02/07 12:04:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Randy\Desktop\OTL.exe
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
[2010/03/06 21:52:48 | 005,760,054 | ---- | C] () -- C:\Users\Randy\Desktop\Avery.bmp
[2010/03/06 18:36:11 | 000,003,367 | ---- | C] () -- C:\Users\Randy\Desktop\27198_350809413480_515108480_3663940_6591763_s[1].jpg
[2010/03/06 18:36:00 | 000,003,219 | ---- | C] () -- C:\Users\Randy\Desktop\27198_350811778480_515108480_3663947_4728312_s[1].jpg
[2010/03/06 18:34:55 | 000,004,002 | ---- | C] () -- C:\Users\Randy\Desktop\27198_350812913480_515108480_3663949_5960307_s[1].jpg
[2010/02/21 18:33:05 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/02/18 17:39:13 | 000,001,910 | ---- | C] () -- C:\Users\Randy\Desktop\HijackThis.lnk
[2010/02/16 20:57:09 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/16 20:18:22 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/02/16 20:17:12 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/12/11 14:49:46 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/09/24 15:45:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/12/30 23:52:20 | 000,000,404 | ---- | C] () -- C:\Windows\COOK'N5.INI
[2008/08/01 15:44:43 | 000,138,408 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/07/16 17:44:29 | 000,000,790 | ---- | C] () -- C:\Users\Randy\AppData\Roaming\wklnhst.dat
[2008/05/28 13:45:01 | 000,004,608 | ---- | C] () -- C:\Users\Randy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/26 18:30:33 | 000,022,328 | ---- | C] () -- C:\Users\Randy\AppData\Roaming\PnkBstrK.sys
[2008/05/26 13:30:18 | 000,001,356 | ---- | C] () -- C:\Users\Randy\AppData\Local\d3d9caps.dat
[2008/04/04 12:38:39 | 000,000,060 | ---- | C] () -- C:\Windows\System32\HP_Demo.ini
[2008/04/04 12:23:04 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/04/04 12:23:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/01/25 15:25:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
< End of report >
Post by: guestolo on March 08, 2010, 08:19:41 PM
Post by: Mr Bell on March 09, 2010, 05:56:39 AM
OTL logfile created on: 3/9/2010 5:35:20 AM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Randy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.83 Gb Total Space | 455.41 Gb Free Space | 77.61% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 1.26 Gb Free Space | 13.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RANDY-PC
Current User Name: Randy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
PRC - [2010/02/11 13:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/07 12:04:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Randy\Desktop\OTL.exe
PRC - [2009/12/11 15:45:10 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/12/11 15:44:40 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/12/09 20:27:22 | 000,107,832 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
PRC - [2009/04/22 17:38:50 | 000,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/22 17:37:16 | 000,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/01 15:44:24 | 000,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2008/01/20 21:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/10/25 04:52:08 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/10/18 06:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/03/11 21:32:42 | 000,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007/03/11 21:26:24 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
MOD - [2010/02/07 12:04:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Randy\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/11 15:44:40 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/12/09 20:27:22 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/12/08 19:36:01 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/08/01 15:44:24 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008/05/02 21:46:00 | 000,118,784 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/02/01 17:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/19 16:54:04 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/10/18 06:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/09/19 19:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/08/16 09:56:16 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/08/16 09:56:14 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/08/16 09:56:10 | 001,092,080 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/07/24 06:14:08 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 06:14:06 | 000,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/07/23 18:33:06 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/06/04 22:14:50 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 22:14:50 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
DRV - [2010/02/11 13:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 13:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 13:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 13:38:45 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/02/11 13:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/11 16:03:58 | 005,188,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/12/11 16:03:58 | 005,188,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/12/11 14:50:52 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/11/18 18:24:50 | 000,097,792 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/04/17 12:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/01/20 21:24:49 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/14 12:48:16 | 000,005,120 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2007/12/11 16:06:00 | 008,238,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/12/07 10:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/12/07 10:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/11/17 14:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/25 05:26:10 | 002,015,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/08/14 15:49:42 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdTools.sys -- (AmdTools)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/05/31 14:39:50 | 000,022,656 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/05/01 04:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/18 11:24:58 | 000,026,496 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006/06/19 09:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop\")
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop\")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop\")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop\")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=\"#E56717\"]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "http://tpgleague.org/dod6/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
[2008/07/07 10:43:54 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Mozilla\Extensions
[2010/02/06 22:58:43 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions
[2009/05/17 22:07:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/20 15:24:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD_Display] File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [Singlesnet] C:\Program Files\Singlesnet\Singlesnet\Singlesnet.exe (Singlesnet.com)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab\") (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab\") (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab\") (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (http://\"http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab\") (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Randy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Randy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/04 12:38:24 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010/02/24 05:27:44 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/24 05:27:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 05:27:09 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 05:27:07 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 05:27:04 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 05:27:01 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 05:27:01 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 05:27:01 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 05:27:01 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 05:27:01 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 05:27:01 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/24 05:26:59 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/24 05:26:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/24 05:26:58 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/21 18:33:05 | 000,162,512 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/02/21 18:33:05 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/02/21 18:33:05 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/02/21 18:33:05 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/02/21 18:33:05 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/02/21 18:32:48 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/02/21 18:32:48 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/02/21 18:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/02/21 18:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/20 15:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/02/20 15:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/02/16 20:57:10 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\Malwarebytes
[2010/02/16 20:57:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/16 20:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/16 20:57:04 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/16 20:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/16 20:42:16 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/16 20:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/02/16 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/02/16 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/02/16 20:16:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer
[2010/02/16 20:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/02/16 19:58:09 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Randy\Desktop\TFC.exe
[2010/02/10 04:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/02/10 00:46:24 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 00:46:24 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 00:46:19 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 00:46:19 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 00:46:19 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 00:46:19 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/07 12:04:09 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Randy\Desktop\OTL.exe
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
[2010/03/09 05:34:57 | 002,621,440 | -HS- | M] () -- C:\Users\Randy\ntuser.dat
[2010/03/09 05:34:22 | 000,734,432 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/09 05:34:22 | 000,625,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/09 05:34:22 | 000,113,260 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/09 05:29:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/09 05:29:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/09 05:29:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/09 05:29:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/09 05:29:42 | 3219,607,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/09 05:26:56 | 000,524,288 | -HS- | M] () -- C:\Users\Randy\ntuser.dat{8d8710fc-53af-11dd-b4d5-001fc65ea5ce}.TMContainer00000000000000000001.regtrans-ms
[2010/03/09 05:26:56 | 000,065,536 | -HS- | M] () -- C:\Users\Randy\ntuser.dat{8d8710fc-53af-11dd-b4d5-001fc65ea5ce}.TM.blf
[2010/03/09 05:26:52 | 004,336,043 | -H-- | M] () -- C:\Users\Randy\AppData\Local\IconCache.db
[2010/03/09 00:27:29 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{28D1FB17-9CF7-4CFB-81CF-C67481596A42}.job
[2010/03/06 21:52:48 | 005,760,054 | ---- | M] () -- C:\Users\Randy\Desktop\Avery.bmp
[2010/03/03 17:17:00 | 000,004,002 | ---- | M] () -- C:\Users\Randy\Desktop\27198_350812913480_515108480_3663949_5960307_s[1].jpg
[2010/03/03 17:17:00 | 000,003,367 | ---- | M] () -- C:\Users\Randy\Desktop\27198_350809413480_515108480_3663940_6591763_s[1].jpg
[2010/03/03 17:17:00 | 000,003,219 | ---- | M] () -- C:\Users\Randy\Desktop\27198_350811778480_515108480_3663947_4728312_s[1].jpg
[2010/02/25 04:57:26 | 000,088,208 | ---- | M] () -- C:\Users\Randy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 03:18:44 | 000,334,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/21 18:33:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/02/21 18:33:05 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/02/20 15:59:12 | 000,000,790 | ---- | M] () -- C:\Users\Randy\AppData\Roaming\wklnhst.dat
[2010/02/18 17:39:13 | 000,001,910 | ---- | M] () -- C:\Users\Randy\Desktop\HijackThis.lnk
[2010/02/16 20:57:09 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/16 20:45:45 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/02/16 20:18:22 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/02/16 19:58:10 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Randy\Desktop\TFC.exe
[2010/02/11 13:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/02/11 13:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/02/11 13:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/02/11 13:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/02/11 13:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/02/11 13:38:45 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/02/11 13:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/02/07 12:04:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Randy\Desktop\OTL.exe
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
[2010/03/06 21:52:48 | 005,760,054 | ---- | C] () -- C:\Users\Randy\Desktop\Avery.bmp
[2010/03/06 18:36:11 | 000,003,367 | ---- | C] () -- C:\Users\Randy\Desktop\27198_350809413480_515108480_3663940_6591763_s[1].jpg
[2010/03/06 18:36:00 | 000,003,219 | ---- | C] () -- C:\Users\Randy\Desktop\27198_350811778480_515108480_3663947_4728312_s[1].jpg
[2010/03/06 18:34:55 | 000,004,002 | ---- | C] () -- C:\Users\Randy\Desktop\27198_350812913480_515108480_3663949_5960307_s[1].jpg
[2010/02/21 18:33:05 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/02/18 17:39:13 | 000,001,910 | ---- | C] () -- C:\Users\Randy\Desktop\HijackThis.lnk
[2010/02/16 20:57:09 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/16 20:18:22 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/02/16 20:17:12 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/12/11 14:49:46 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/09/24 15:45:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/12/30 23:52:20 | 000,000,404 | ---- | C] () -- C:\Windows\COOK'N5.INI
[2008/08/01 15:44:43 | 000,138,408 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/07/16 17:44:29 | 000,000,790 | ---- | C] () -- C:\Users\Randy\AppData\Roaming\wklnhst.dat
[2008/05/28 13:45:01 | 000,004,608 | ---- | C] () -- C:\Users\Randy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/26 18:30:33 | 000,022,328 | ---- | C] () -- C:\Users\Randy\AppData\Roaming\PnkBstrK.sys
[2008/05/26 13:30:18 | 000,001,356 | ---- | C] () -- C:\Users\Randy\AppData\Local\d3d9caps.dat
[2008/04/04 12:38:39 | 000,000,060 | ---- | C] () -- C:\Windows\System32\HP_Demo.ini
[2008/04/04 12:23:04 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/04/04 12:23:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/01/25 15:25:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
< End of report >
here is the Extras.txt
OTL Extras logfile created on: 3/9/2010 5:35:20 AM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Randy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.83 Gb Total Space | 455.41 Gb Free Space | 77.61% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 1.26 Gb Free Space | 13.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RANDY-PC
Current User Name: Randy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
[color=\"#E56717\"]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
[color=\"#E56717\"]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034026E4-7AF1-42E0-B1C2-489ABF224F1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{151E8E3C-F499-4F66-A7B6-BFC51DA42BD3}" = lport=138 | protocol=17 | dir=in | app=system |
"{16C5157C-6D20-49E3-A918-6054890DD906}" = rport=139 | protocol=6 | dir=out | app=system |
"{1E49F55F-A6D4-4DE5-9C46-BAC4EBC78377}" = rport=445 | protocol=6 | dir=out | app=system |
"{46E2201E-4AA6-4FDE-8CFA-3F532631EA89}" = rport=137 | protocol=17 | dir=out | app=system |
"{47027EDD-45BF-4F80-9289-587CAF11D0D7}" = lport=139 | protocol=6 | dir=in | app=system |
"{6C2581AB-8794-4F91-9D13-18489A03E7F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9A74B72A-6840-413C-B078-1C7D204E9596}" = lport=445 | protocol=6 | dir=in | app=system |
"{9A83279A-178A-4BB2-9251-CD9201F5AF53}" = lport=137 | protocol=17 | dir=in | app=system |
"{C39DE9EE-6152-4C63-BA9B-BDB0C2219BBA}" = rport=138 | protocol=17 | dir=out | app=system |
[color=\"#E56717\"]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F35BBBB-A975-4312-B0CF-1B043C77C927}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{14C719B2-CFB8-4AF8-8319-7A5E9106294C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{1DDA6495-BBFC-4BEC-9E7E-2E76E92583B6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{22E95447-8F97-4585-B92D-3BF2E315FE28}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3A49BBFF-9174-46F5-ADA3-092B55D4D0A7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3AB3A39D-BAC7-41A5-87A5-4B793533B243}" = protocol=1 | dir=out | [email protected],-28544 |
"{47427585-15F4-4BBF-8BBE-6C5B03B86582}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{575EB00B-A060-4D25-A945-51CEC76FA607}" = protocol=1 | dir=in | [email protected],-28543 |
"{61DC7E2A-98CF-46CA-A7D2-993346AB7357}" = protocol=58 | dir=out | [email protected],-28546 |
"{86426173-A61C-4BFC-A4C1-B37346148542}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8F098ACA-CD1A-41DC-9946-E305748AD198}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{964E2759-1B26-4CEE-8C0F-1231B4401A79}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9B83F120-37BB-4CB9-915A-66E08FA7028E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B65792AA-B3B8-41C8-9D4F-B427C44BBC35}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{BDB4490D-E797-4F2C-B722-79BB5D8D2FED}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BF34D2A6-B45D-4524-A269-1D53858BF140}" = protocol=58 | dir=in | [email protected],-28545 |
"{C43D48F5-4592-4EC0-AE5D-02C4BE863BBA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E93C190D-BB89-496C-B2E0-137F35886DAC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FD906AF2-ACF6-4EF6-ADDE-7BEE7D5C7123}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02548730-180A-487e-A726-A75CB6650AF7}" = D1400
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1A573B3D-ECE2-F49B-F4D0-8CFA74236B66}" = Catalyst Control Center HydraVision Full
"{1ACA994D-3EF6-45E8-9206-19B599BEE31B}" = HP RC Mirror Driver
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{236479EE-1E63-59DC-8E6B-293A393A135F}" = Catalyst Control Center InstallProxy
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(tm) 6 Update 18
"{2814A676-E972-460A-1EF7-5C4FE1BF3A5C}" = Catalyst Control Center Graphics Previews Common
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4835B10F-61D4-E60C-860D-DF71C93FDC37}" = ATI Catalyst Install Manager
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F535C04-86BE-47D1-98C6-8AB26D28482B}" = Singlesnet
"{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{590B3F7B-C516-B2A0-0F9A-085FBD1D4432}" = Catalyst Control Center InstallProxy
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6C00981A-91B5-1837-1473-7AE639591CD2}" = ccc-core-static
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A379E7A-22ED-44FF-9293-E393D704505D}" = HP Demo
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0343AB9-5216-C416-B962-AB28A85F54E2}" = Catalyst Control Center Core Implementation
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD4B3D50-EB7D-BF5F-2670-AEB01FE7A954}" = ccc-utility
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{BACF70EA-27E6-C3B5-5CDA-D9819B3FE0C6}" = CCC Help English
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6783FB4-2E95-4ED0-8A32-1BF32821689F}" = AMD CPUInfo
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2057895-F881-77FC-EA38-97D0DF73E1FA}" = Catalyst Control Center Graphics Light
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E27622FF-C563-1915-E4C0-64A03A24CF77}" = Catalyst Control Center Graphics Previews Vista
"{E4A94926-7F57-E35A-0782-341BB6C91BD5}" = Catalyst Control Center Graphics Full New
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA1A669B-302B-4E6E-BD23-FA5572A7A85C}" = AMD Power Monitor
"{EFE673F6-688A-42ed-9C6C-9DD8CF5A9B89}" = D1400_Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
"{FFD5DBA4-898F-1307-20C9-7A9156F57B60}" = Catalyst Control Center Graphics Full Existing
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"BlackBerry_{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Steam App 7940" = Call of Duty 4: Modern Warfare
"SystemRequirementsLab" = System Requirements Lab
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2/10/2010 4:21:09 AM | Computer Name = Randy-PC | Source = WinMgmt | ID = 10
Description =
Error - 2/16/2010 7:29:39 PM | Computer Name = Randy-PC | Source = WinMgmt | ID = 10
Description =
Error - 2/16/2010 9:06:31 PM | Computer Name = Randy-PC | Source = WinMgmt | ID = 10
Description =
Error - 2/16/2010 9:08:42 PM | Computer Name = Randy-PC | Source = MsiInstaller | ID = 11706
Description =
Error - 2/16/2010 10:17:29 PM | Computer Name = Randy-PC | Source = WinMgmt | ID = 10
Description =
Error - 2/16/2010 10:17:59 PM | Computer Name = Randy-PC | Source = MsiInstaller | ID = 1041
Description =
Error - 2/16/2010 10:18:14 PM | Computer Name = Randy-PC | Source = MsiInstaller | ID = 10005
Description =
Error - 2/16/2010 10:27:24 PM | Computer Name = Randy-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 2/17/2010 11:19:31 PM | Computer Name = Randy-PC | Source = WinMgmt | ID = 10
Description =
Error - 2/17/2010 11:23:01 PM | Computer Name = Randy-PC | Source = MsiInstaller | ID = 11706
Description =
[ Media Center Events ]
Error - 5/28/2008 2:51:34 PM | Computer Name = Randy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 5/30/2008 4:56:29 AM | Computer Name = Randy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 6/7/2008 2:07:58 AM | Computer Name = Randy-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
[ System Events ]
Error - 2/28/2010 2:27:16 PM | Computer Name = Randy-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 3/2/2010 7:14:17 PM | Computer Name = Randy-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:12:32 PM on 3/2/2010 was unexpected.
Error - 3/2/2010 7:14:18 PM | Computer Name = RANDY-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.10 for the Network Card with network
address 001FC65EA5CE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 3/2/2010 7:15:55 PM | Computer Name = Randy-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 3/2/2010 7:15:55 PM | Computer Name = Randy-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 3/2/2010 7:15:55 PM | Computer Name = Randy-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 3/9/2010 6:29:48 AM | Computer Name = Randy-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.10 for the Network Card with network
address 001FC65EA5CE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 3/9/2010 6:31:26 AM | Computer Name = Randy-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 3/9/2010 6:31:26 AM | Computer Name = Randy-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 3/9/2010 6:31:26 AM | Computer Name = Randy-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Post by: guestolo on March 09, 2010, 01:42:00 PM
Did you remove Firefox?
Post by: Mr Bell on March 09, 2010, 03:29:04 PM
YES firefox has been removed
Post by: guestolo on March 10, 2010, 11:58:25 PM
- Under the [color=\"#0000FF\"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote pleaseQuote
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
FF - prefs.js..browser.startup.homepage: "http://tpgleague.org/dod6/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"Adobe Reader Speed Launcher"=-
:Files
C:\Users\Randy\AppData\Roaming\Mozilla
C:\Program Files\Mozilla Firefox
:Commands
[EmptyTemp]
[Reboot] - Then click the [color=\"#FF0000\"]Run Fix[/color] button at the top
- Let the program run unhindered, reboot the PC when it is done
On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder
Keep me informed how things are now running
Post by: Mr Bell on March 11, 2010, 06:47:45 PM
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Prefs.js: "http://tpgleague.org/dod6/" removed from browser.startup.homepage
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717 removed from extensions.enabledItems
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
========== FILES ==========
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\minidumps folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\cache\default folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\cache folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\extensions folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\chrome folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default\bookmarkbackups folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\dhojs8md.default folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Crash Reports folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Firefox folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\Randy\AppData\Roaming\Mozilla folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
C:\Program Files\Mozilla Firefox folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Randy
->Temp folder emptied: 80982 bytes
->Temporary Internet Files folder emptied: 258492347 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 170704 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 247.00 mb
OTL by OldTimer - Version 3.1.28.0 log created on 03112010_183311
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Post by: Mr Bell on March 11, 2010, 07:05:23 PM
Can I safely remove
HP total care
HP Demo
HP Customer Experience Enhancemrnts
HP Supply
HP Customer participation program 9.0 maybe I need that IDK
HP solution center: This one always pops up on reboot.
There are some other HP but I think I need those...
Also isn't System Requirement Lab part of Nortons. Should that be removed?|?|?|
Post by: guestolo on March 12, 2010, 02:02:40 PM
Quote
I was a member of singlesnet.com And I need to remove some little program that always comes on when I reboot. I hit quit all the time presently.
So you want to remove singlesnet?
What little program comes on when you reboot?
Post by: Mr Bell on March 12, 2010, 11:01:18 PM
Post by: guestolo on March 13, 2010, 12:03:12 AM
/unsure.gif\' class=\'bbc_emoticon\' alt=\':unsure:\' />
Post by: Mr Bell on March 14, 2010, 06:55:07 AM
And what about all those HP programs? Are they running while I surf the net? Everytime I reboot I get a notification pop up from solution center. I hit ok and it says it can't locate the .msi' file. So I have to hit cancel.
Post by: guestolo on March 14, 2010, 12:08:00 PM
HP total care
HP Demo
HP Customer Experience Enhancemrnts
HP Supply
HP Customer participation program 9.0
HP solution center <make sure to remove this, as it's part of the problem
System Requirement Lab
Reboot your computer
Back in Windows, you need to uninstall Flash again, make sure you do Exactly the following
even if you have done it once already
Go here and download the uninistaller for Flash
http://kb2.adobe.com/cps/141/tn_14157.html (http://\"http://kb2.adobe.com/cps/141/tn_14157.html\")
Save the uninstaller to desktop
Ensure your Web Browsers are all closed
Then right click on the uninstaller and choose to "Run as Administrator"
Follow the prompts, it won't take long to run this tool
Reboot the computer afterwards
Back in Windows:
Go to the following link in Internet Explorer
http://www.adobe.com/products/flashplayer/ (http://\"http://www.adobe.com/products/flashplayer/\")
UNTICK and toolbar or Security scan option and then proceed to install the latest version of Flash
Let me know how things run afterwards with Flash
What HP product do you have installed on this computer
Multifunction Printer as eg....
Post by: Mr Bell on March 14, 2010, 05:04:50 PM
HP total care
HP Demo
HP Customer Experience Enhancemrnts
HP Supply
HP Customer participation program 9.0
HP solution center <make sure to remove this, as it's part of the problem
System Requirement Lab
I immediatly noticed improvement. Its faster.
I installed flash sucesfully
The computer is a HP Pravilian, HP deskjet printer and HP monitor.
So the remaining programs from HP are HP Active support library, HP Easy setup-frontend, HP imaging device functions 9.0, and deskjet printer driver.
I think I need those correct.
But I did notice that there is still yet another stand alone program called System Requirement labs. Shall I remove that one?
Post by: guestolo on March 14, 2010, 10:19:44 PM
Like the following
Quote
Go ahead and Uninstall all the following
HP total care
HP Demo
HP Customer Experience Enhancemrnts
HP Supply
HP Customer participation program 9.0
HP solution center <make sure to remove this, as it's part of the problem
System Requirement Lab
So what ya think?
Please keep me informed how things are then running after you remove that program too?
Take note: Youtube is Flash related, can you let me know how the following Flash file plays from National Geographic channel please, it too rely's on Flash
http://video.tiscali.it/canali/truveo/2258968856.html (http://\"http://video.tiscali.it/canali/truveo/2258968856.html\")
Post by: Mr Bell on March 15, 2010, 04:38:31 AM
That video played flawlessly. Plus I enjoyed it as well.
With the removal of all those programs do I need to clkean up any registry's associated with those programs?
Computer is running smooth otherwise...
Post by: guestolo on March 15, 2010, 10:35:04 PM
from the registry, it doesn't really slow down the computer
Can you right click on OTL.exe and choose to "Run as Admin"
When it opens, click on the CLEANUP button
Follow the prompts, reboot when prompted
That should do it if everything is running fine
Post by: Mr Bell on March 16, 2010, 08:54:36 PM
Post by: guestolo on March 21, 2010, 12:49:15 AM
Take care
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />