OTL logfile created on: 3/18/2011 2:07:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\mark\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,013.00 Mb Total Physical Memory | 645.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.60 Gb Total Space | 106.30 Gb Free Space | 77.26% Space Free | Partition Type: NTFS
Drive D: | 11.45 Gb Total Space | 2.00 Gb Free Space | 17.44% Space Free | Partition Type: NTFS
Computer Name: MARK-PC | User Name: mark | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Processes (SafeList) ==========
PRC - [2011/03/16 00:22:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (SafeList) ==========
MOD - [2011/03/16 00:22:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (seclogon)
SRV - File not found [On_Demand | Stopped] -- -- (QWAVE)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/05/22 19:36:18 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 18:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 14:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/22 01:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
========== Driver Services (SafeList) ==========
DRV - [2010/11/02 02:03:15 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/03/17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/03/20 15:37:22 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20080623.001\IDSvix86.sys -- (IDSvix86)
DRV - [2008/02/27 06:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/05 04:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071105.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/11/05 04:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/11/05 04:00:00 | 000,112,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007/11/05 04:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071105.016\NAVENG.SYS -- (NAVENG)
DRV - [2007/10/11 06:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/08 17:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/25 06:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 18:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/23 16:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "search"
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/05/15 13:46:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/05/16 02:52:05 | 000,000,000 | ---D | M]
[2010/12/17 18:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\uk2sdw22.default\extensions
[2009/11/26 05:28:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\uk2sdw22.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/26 05:26:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\uk2sdw22.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/06 04:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/06 04:26:50 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/05/15 13:32:32 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2007/08/24 21:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2006/10/11 03:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/10/11 03:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/10/11 03:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/10/11 03:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/10/11 03:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
O1 HOSTS File: ([2011/03/01 21:07:11 | 000,002,732 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 64.46.38.209 www.google.com
O1 - Hosts: 64.46.38.209 google.com
O1 - Hosts: 64.46.38.209 google.com.au
O1 - Hosts: 64.46.38.209 www.google.com.au
O1 - Hosts: 64.46.38.209 google.be
O1 - Hosts: 64.46.38.209 www.google.be
O1 - Hosts: 64.46.38.209 google.com.br
O1 - Hosts: 64.46.38.209 www.google.com.br
O1 - Hosts: 39 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [LaunchRCApp] C:\NPM\RCApp.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O24 - Desktop WallPaper: C:\Users\mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/27 02:45:25 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 360 Days ==========
[2011/03/18 14:06:43 | 000,000,000 | ---D | C] -- C:\Users\mark\WPDNSE
[2011/03/18 14:05:57 | 000,000,000 | ---D | C] -- C:\Users\mark\RarSFX0
[2011/03/16 00:32:33 | 000,885,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\mark\Desktop\jxpiinstall.exe
[2011/03/16 00:22:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
[2011/03/15 22:48:07 | 000,000,000 | ---D | C] -- C:\Users\mark\hsperfdata_mark
[2011/03/15 22:02:56 | 000,000,000 | ---D | C] -- C:\Users\mark\MUI
[2011/03/15 22:01:12 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\U3
[2011/03/15 21:51:57 | 008,588,616 | ---- | C] (Mozilla) -- C:\Users\mark\Desktop\Firefox Setup 3.6.15.exe
[2011/03/15 21:12:05 | 003,033,192 | ---- | C] (Piriform Ltd) -- C:\Users\mark\Desktop\ccsetup304(2).exe
[2011/03/15 21:06:50 | 001,834,738 | ---- | C] (Piriform Ltd) -- C:\Users\mark\sunv3tbe.exe
[2011/03/01 20:24:21 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\Malwarebytes
[2011/03/01 20:24:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/01 20:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/01 20:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/01 20:24:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/01 20:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/25 22:50:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2011/01/25 22:49:40 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/01/25 22:49:40 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/01/25 22:49:40 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/01/25 22:43:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/01/05 18:41:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\PIEEAJES
[2011/01/05 18:38:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\7708de
[2010/12/16 03:08:04 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/16 03:08:04 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/16 03:08:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/16 03:07:58 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/16 03:07:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/05 13:09:44 | 002,827,728 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\mark\FlashPlayerUpdate01.exe
[2010/11/30 21:32:12 | 000,000,000 | ---D | C] -- C:\Users\mark\Adobe
[2010/11/29 22:57:37 | 000,000,000 | ---D | C] -- C:\NPM
[2010/11/15 05:19:31 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/11/02 02:11:04 | 002,826,192 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\mark\FlashPlayerUpdate.exe
[2010/11/01 16:10:45 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/11/01 16:10:44 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/11/01 16:10:44 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/11/01 16:10:43 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/11/01 16:10:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/05/20 13:58:35 | 000,000,000 | ---D | C] -- C:\Users\mark\Low
[5 C:\Users\mark\*.tmp files -> C:\Users\mark\*.tmp -> ]
========== Files - Modified Within 360 Days ==========
[2011/03/18 14:06:37 | 000,031,832 | ---- | M] () -- C:\Users\mark\mark.bmp
[2011/03/18 14:05:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/18 14:03:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/18 14:03:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/18 14:00:05 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C57A08DE-7FF9-475F-A02F-CD7A07009B0C}.job
[2011/03/18 13:39:39 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/03/16 00:32:33 | 000,885,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\mark\Desktop\jxpiinstall.exe
[2011/03/16 00:23:32 | 001,006,747 | ---- | M] () -- C:\Users\mark\Desktop\rkill.scr
[2011/03/16 00:23:10 | 001,006,747 | ---- | M] () -- C:\Users\mark\Desktop\rkill2.com
[2011/03/16 00:22:39 | 001,006,747 | ---- | M] () -- C:\Users\mark\Desktop\rkill.exe
[2011/03/16 00:22:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
[2011/03/15 22:43:03 | 000,058,760 | ---- | M] () -- C:\Users\mark\symlcsv1.exe
[2011/03/15 22:31:14 | 000,312,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/15 22:01:27 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@20310B8.###
[2011/03/15 22:01:27 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031088.###
[2011/03/15 22:01:27 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031028.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031098.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031068.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031058.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031048.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | M] () -- C:\Users\mark\MBX@14B0@2031038.###
[2011/03/15 21:52:19 | 008,588,616 | ---- | M] (Mozilla) -- C:\Users\mark\Desktop\Firefox Setup 3.6.15.exe
[2011/03/15 21:51:09 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/15 21:51:09 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/15 21:50:53 | 000,001,340 | ---- | M] () -- C:\Users\mark\wmplog09.sqm
[2011/03/15 21:35:34 | 001,402,880 | ---- | M] () -- C:\Users\mark\Desktop\HiJackThis.msi
[2011/03/15 21:12:19 | 003,033,192 | ---- | M] (Piriform Ltd) -- C:\Users\mark\Desktop\ccsetup304(2).exe
[2011/03/15 21:08:58 | 001,834,738 | ---- | M] (Piriform Ltd) -- C:\Users\mark\sunv3tbe.exe
[2011/03/15 21:06:53 | 000,000,000 | ---- | M] () -- C:\Users\mark\Desktop\ccsetup304.exe
[2011/03/01 21:07:11 | 000,002,732 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/01 20:54:41 | 000,001,356 | ---- | M] () -- C:\Users\mark\AppData\Local\d3d9caps.dat
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/05 13:09:44 | 002,827,728 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\mark\FlashPlayerUpdate01.exe
[2010/11/02 23:08:49 | 058,762,192 | ---- | M] () -- C:\Users\mark\WERC523.tmp.hdmp
[2010/11/02 02:11:04 | 002,826,192 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\mark\FlashPlayerUpdate.exe
[2010/11/02 02:03:15 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/11/02 02:03:15 | 000,010,635 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/11/02 02:03:15 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/10/28 10:02:24 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/10/28 08:03:07 | 000,292,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/10/28 07:56:58 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/10/21 05:26:19 | 000,001,460 | ---- | M] () -- C:\Users\mark\wmplog08.sqm
[2010/10/18 09:01:05 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/10/06 02:59:27 | 000,001,464 | ---- | M] () -- C:\Users\mark\wmplog07.sqm
[2010/09/20 04:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/07/08 18:43:52 | 000,001,588 | ---- | M] () -- C:\Users\mark\wmplog06.sqm
[2010/06/28 07:03:20 | 000,001,428 | ---- | M] () -- C:\Users\mark\wmplog05.sqm
[2010/06/28 06:47:17 | 000,001,464 | ---- | M] () -- C:\Users\mark\wmplog04.sqm
[2010/06/16 10:12:25 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/06/08 14:26:20 | 000,001,692 | ---- | M] () -- C:\Users\mark\wmplog03.sqm
[2010/06/08 03:44:56 | 000,001,508 | ---- | M] () -- C:\Users\mark\wmplog02.sqm
[2010/05/27 02:15:44 | 000,001,428 | ---- | M] () -- C:\Users\mark\wmplog01.sqm
[2010/05/24 04:06:01 | 000,001,736 | ---- | M] () -- C:\Users\mark\wmplog00.sqm
[5 C:\Users\mark\*.tmp files -> C:\Users\mark\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/03/16 00:23:28 | 001,006,747 | ---- | C] () -- C:\Users\mark\Desktop\rkill.scr
[2011/03/16 00:23:06 | 001,006,747 | ---- | C] () -- C:\Users\mark\Desktop\rkill2.com
[2011/03/16 00:22:33 | 001,006,747 | ---- | C] () -- C:\Users\mark\Desktop\rkill.exe
[2011/03/15 22:01:27 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@20310B8.###
[2011/03/15 22:01:27 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031088.###
[2011/03/15 22:01:27 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031028.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031098.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031068.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031058.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031048.###
[2011/03/15 22:01:26 | 000,002,048 | ---- | C] () -- C:\Users\mark\MBX@14B0@2031038.###
[2011/03/15 21:50:53 | 000,001,340 | ---- | C] () -- C:\Users\mark\wmplog09.sqm
[2011/03/15 21:35:21 | 001,402,880 | ---- | C] () -- C:\Users\mark\Desktop\HiJackThis.msi
[2011/03/15 21:06:53 | 000,000,000 | ---- | C] () -- C:\Users\mark\Desktop\ccsetup304.exe
[2011/03/02 19:24:17 | 000,058,760 | ---- | C] () -- C:\Users\mark\symlcsv1.exe
[2011/01/11 01:12:22 | 000,000,279 | ---- | C] () -- C:\Users\Public\Documents\hpqp.ini
[2010/11/02 23:08:16 | 058,762,192 | ---- | C] () -- C:\Users\mark\WERC523.tmp.hdmp
[2010/10/21 05:26:19 | 000,001,460 | ---- | C] () -- C:\Users\mark\wmplog08.sqm
[2010/10/06 02:59:27 | 000,001,464 | ---- | C] () -- C:\Users\mark\wmplog07.sqm
[2010/07/08 18:43:52 | 000,001,588 | ---- | C] () -- C:\Users\mark\wmplog06.sqm
[2010/06/28 07:03:20 | 000,001,428 | ---- | C] () -- C:\Users\mark\wmplog05.sqm
[2010/06/28 06:47:17 | 000,001,464 | ---- | C] () -- C:\Users\mark\wmplog04.sqm
[2010/06/08 14:26:20 | 000,001,692 | ---- | C] () -- C:\Users\mark\wmplog03.sqm
[2010/06/08 03:44:56 | 000,001,508 | ---- | C] () -- C:\Users\mark\wmplog02.sqm
[2010/05/27 02:15:44 | 000,001,428 | ---- | C] () -- C:\Users\mark\wmplog01.sqm
[2010/05/24 04:06:01 | 000,001,736 | ---- | C] () -- C:\Users\mark\wmplog00.sqm
[2010/05/20 14:01:51 | 000,031,832 | ---- | C] () -- C:\Users\mark\mark.bmp
[2008/12/31 15:57:23 | 000,001,356 | ---- | C] () -- C:\Users\mark\AppData\Local\d3d9caps.dat
[2008/10/30 22:33:20 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/30 22:33:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/15 13:32:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/05/15 13:27:44 | 000,000,000 | ---- | C] () -- C:\Users\mark\AppData\Roaming\wklnhst.dat
[2008/05/15 12:40:20 | 000,003,584 | ---- | C] () -- C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/04 17:15:16 | 000,155,648 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008/02/27 02:59:45 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/20 07:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 07:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/20 07:10:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,312,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
< End of report >
OTL Extras logfile created on: 3/18/2011 2:07:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\mark\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,013.00 Mb Total Physical Memory | 645.00 Mb Available Physical Memory | 64.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.60 Gb Total Space | 106.30 Gb Free Space | 77.26% Space Free | Partition Type: NTFS
Drive D: | 11.45 Gb Total Space | 2.00 Gb Free Space | 17.44% Space Free | Partition Type: NTFS
Computer Name: MARK-PC | User Name: mark | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = regfile] -- regedit.exe "%1"
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CA4C70-B84A-412A-A500-A0FEE55BAFDA}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{07F0ED00-9FD9-4691-ACF1-14513B50A265}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{09EF94DC-ACB8-4E2D-B74E-8A2BD7C9154D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{12717326-5410-44F1-926F-4F724A277FC9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{152A25A7-DCB2-4DE9-8C34-5C9FCC4F3497}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2A1A24FA-B14A-4329-987E-390D55A05FCC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3F154F53-D869-4A26-99BC-E6CC98AFBD1E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4249D7A5-EEC9-401A-80EE-D368F63C57BF}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{5E66FD85-E4DD-4282-A960-63A599574477}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{70C37D40-BB13-4C3F-9637-F9C08D8EBAED}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{988591FC-FF31-4ECA-9ED0-4599A857FA4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D6B7519-1520-48FB-AF26-18D4E4DDEB8C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B3CF36D9-405C-4A85-A083-EAD92E2B16C1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C0DE6BEF-2EDD-4D2B-9472-8D374551A3DE}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{CB8E5433-1536-41EA-9D39-63612E2C6842}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DC8556BE-7202-420F-B169-40E21FAF90A1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{F467A6DF-3FB8-4DB1-AE6C-F705C7407610}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F630DBD8-A6E1-4DCD-BE5A-1B0842253205}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FEB9B56A-1EBF-405E-84C6-2E949E7EAAEE}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{0CECB9FD-EDC1-4DCC-96C0-8D7F2DB58DBA}C:\programdata\7708de\pi770_2164.exe" = protocol=6 | dir=in | app=c:\programdata\7708de\pi770_2164.exe |
"UDP Query User{851F16C0-FE1E-4C94-98F5-6EBD8A39A411}C:\programdata\7708de\pi770_2164.exe" = protocol=17 | dir=in | app=c:\programdata\7708de\pi770_2164.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{09A80604-AE3E-495B-AF6E-E77DF3FE5040}" = SymNet
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50916B63-E173-450E-80C9-B9FC39B664D9}" = Symantec Real Time Storage Protection Component
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D7358B07-4F10-4014-9869-7999578BE8ED}" = HP User Guides 0093
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AIM_6" = AIM 6
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
"MSNINST" = MSN
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"TVWiz" = Intel(R) TV Wizard
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/15/2011 10:23:38 PM | Computer Name = mark-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.8.20061.1023 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 14a4 Start Time: 01cbe38079f5bd10 Termination Time: 312
Error - 3/15/2011 10:36:33 PM | Computer Name = mark-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.8.20061.1023 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 13a0 Start Time: 01cbe38133194eb0 Termination Time: 47
Error - 3/15/2011 11:01:33 PM | Computer Name = mark-PC | Source = Application Error | ID = 1000
Description = Faulting application EverNote.exe, version 2.2.1.387, time stamp 0x476917cf,
faulting module EverNote.exe, version 2.2.1.387, time stamp 0x476917cf, exception
code 0xc0000005, fault offset 0x003c8012, process id 0x14b0, application start time
0x01cbe3867046c4c0.
Error - 3/15/2011 11:27:32 PM | Computer Name = mark-PC | Source = WinMgmt | ID = 10
Description =
Error - 3/15/2011 11:32:21 PM | Computer Name = mark-PC | Source = WinMgmt | ID = 10
Description =
Error - 3/15/2011 11:41:58 PM | Computer Name = mark-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 320 Start Time: 01cbe38b46594d40 Termination Time: 0
Error - 3/16/2011 1:16:36 AM | Computer Name = mark-PC | Source = EventSystem | ID = 4609
Description =
Error - 3/16/2011 1:17:08 AM | Computer Name = mark-PC | Source = WinMgmt | ID = 10
Description =
Error - 3/16/2011 1:17:46 AM | Computer Name = mark-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =
Error - 3/16/2011 1:20:06 AM | Computer Name = mark-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 11/2/2010 3:01:11 AM | Computer Name = mark-PC | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80040154
[ System Events ]
Error - 3/18/2011 3:03:40 PM | Computer Name = mark-PC | Source = HTTP | ID = 15016
Description =
Error - 3/18/2011 3:05:33 PM | Computer Name = mark-PC | Source = DCOM | ID = 10005
Description =
Error - 3/18/2011 3:05:41 PM | Computer Name = mark-PC | Source = DCOM | ID = 10005
Description =
Error - 3/18/2011 3:05:44 PM | Computer Name = mark-PC | Source = DCOM | ID = 10005
Description =
Error - 3/18/2011 3:05:45 PM | Computer Name = mark-PC | Source = DCOM | ID = 10005
Description =
Error - 3/18/2011 3:06:44 PM | Computer Name = mark-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 3/18/2011 3:06:44 PM | Computer Name = mark-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 3/18/2011 3:06:44 PM | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 3/18/2011 3:06:44 PM | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 3/18/2011 3:06:44 PM | Computer Name = mark-PC | Source = Service Control Manager | ID = 7023
Description =
< End of report >