The first time I ran RKUnhooker I got a BSOD. The 2nd time I clicked scan and it froze. The third time however it magically worked! Here's the report:
RkU Report:
-----------
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8BE00000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7467008 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.21 )
0x82044000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82044000 PnpManager 3903488 bytes
0x82044000 RAW 3903488 bytes
0x82044000 WMIxWDM 3903488 bytes
0x96C90000 Win32k 2109440 bytes
0x96C90000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8CA00000 C:\Windows\system32\drivers\RTKVHDA.sys 2043904 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x87806000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x82677000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8B804000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1060864 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x8B600000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x87606000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x80468000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA080C000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8B702000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8CECE000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8C51F000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x80548000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82606000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9CC0A000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9CD7A000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x96EE0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x877AE000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x8069D000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8C974000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80601000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80427000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8074F000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x87761000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8CE08000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x827AD000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9CD01000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x87915000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8C804000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82011000 ACPI_HAL 208896 bytes
0x82011000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x80790000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8C942000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8C5CB000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8C849000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82782000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x805D1000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9CD52000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x87965000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80658000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8C876000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8B94C000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8799D000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8C8C5000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9CCC2000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9CCE2000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x80714000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8CE7C000 C:\Windows\System32\Drivers\dump_nvstor32.sys 118784 bytes
0x80732000 C:\Windows\system32\drivers\nvstor32.sys 118784 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x9CC77000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x876EF000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9CC94000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8B907000 C:\Windows\SYSTEM32\DRIVERS\CDROM.SYS 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9CD3A000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8CE4E000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8B92A000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA092F000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8C9BC000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8C918000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9CCAD000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B992000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xA0908000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8B97E000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8C92E000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8772E000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8CF8D000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8C9E0000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8B7E2000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8CE99000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xA091D000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8798C000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8C838000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8040E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8771E000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x807C2000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8CF7D000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x806FC000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8B7C4000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8B9A7000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8CEB7000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x87956000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8067F000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8B96F000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8779F000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8068E000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8B7D4000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x96ED0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8C9D2000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C901000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x806EE000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8CE65000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8B7B7000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8B9C1000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8C5BE000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x805C4000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA08F4000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8C8B9000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8774C000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x87741000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8C8F6000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8B941000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8B91F000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8770A000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8CE72000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x8CEAD000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B9B7000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8CE44000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x807D2000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA08EA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x87757000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x879BE000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8CBF3000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA0957000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8C90F000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x96EB0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x87715000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80647000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8070C000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8041F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x80406000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x80650000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C8E6000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C8EE000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8794E000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xA0900000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8C8A2000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8C8B2000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8C89B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x806E7000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x879FB000 C:\Windows\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0x9CDC9000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8C5F9000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8CEAB000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x86133A9B Unknown page with executable code, 1381 bytes
0x87915000 WARNING: Virus alike driver modification [volsnap.sys], 233472 bytes
0x86132288 Unknown page with executable code, 3448 bytes
0x8613419B Unknown page with executable code, 3685 bytes
0x86136E84 Unknown thread object [ ETHREAD 0x866DB620 ] TID: 316, 600 bytes
0x86139084 Unknown thread object [ ETHREAD 0x866E3C28 ] TID: 320, 600 bytes
0x8613815A Unknown thread object [ ETHREAD 0x866E3980 ] , 600 bytes
0x86136B4F Unknown thread object [ ETHREAD 0x866E8020 ] , 600 bytes
0x86138D58 Unknown page with executable code, 680 bytes
0x003E0000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x8462F450 ] PID: 1624, 86016 bytes
Here's the OTL report:
----------------------
OTL logfile created on: 5/18/2011 6:24:34 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Danny\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.48 Gb Total Space | 152.94 Gb Free Space | 46.84% Space Free | Partition Type: NTFS
Drive D: | 8.87 Gb Total Space | 1.23 Gb Free Space | 13.81% Space Free | Partition Type: NTFS
Computer Name: COMPUTER | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/18 18:23:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
PRC - [2011/05/12 11:28:50 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/14 20:08:14 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe
PRC - [2010/04/14 20:08:06 | 000,193,192 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxecserv.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (SafeList) ==========
MOD - [2011/05/18 18:23:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
MOD - [2010/08/31 08:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (FLEXnet Licensing Service)
SRV - [2011/05/18 17:37:04 | 000,006,656 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\3D4950F4.exe -- (3D4950F4)
SRV - [2010/04/14 20:08:14 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device)
SRV - [2010/04/14 20:08:06 | 000,193,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/02/04 16:26:06 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
========== Driver Services (SafeList) ==========
DRV - [2011/05/02 13:38:35 | 000,024,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rkhdrv40.sys -- (rkhdrv40)
DRV - [2008/05/22 15:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 12:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/03 11:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2240819359-1099125703-168567900-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-2240819359-1099125703-168567900-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ddg.gg
IE - HKU\S-1-5-21-2240819359-1099125703-168567900-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {F4F1DC40-AF45-46D5-9501-8C81D216AE56}:1.9.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Firefox\Extensions\\{F4F1DC40-AF45-46D5-9501-8C81D216AE56}: C:\Users\Danny\AppData\Local\{F4F1DC40-AF45-46D5-9501-8C81D216AE56} [2010/08/15 17:28:12 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 11:28:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/12 11:28:54 | 000,000,000 | ---D | M]
[2010/08/16 00:43:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Extensions
[2011/05/18 16:35:48 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\gcbmxy41.default\extensions
[2011/05/07 18:06:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\gcbmxy41.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/04/21 10:24:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\gcbmxy41.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/10 20:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/15 17:28:12 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\DANNY\APPDATA\LOCAL\{F4F1DC40-AF45-46D5-9501-8C81D216AE56}
[2011/01/30 23:46:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Hosts file not found
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-2240819359-1099125703-168567900-1001\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2240819359-1099125703-168567900-1001\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2240819359-1099125703-168567900-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk = C:\Program Files\KatMouse\KatMouse.exe ()
O4 - Startup: C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk = C:\Program Files\KatMouse\KatMouse.exe ()
O7 - HKU\S-1-5-21-2240819359-1099125703-168567900-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2240819359-1099125703-168567900-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-2240819359-1099125703-168567900-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-2240819359-1099125703-168567900-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3}
http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/30 05:05:48 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/12 11:49:37 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011/05/12 11:49:37 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011/05/12 11:49:37 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011/05/12 11:49:37 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011/05/12 11:49:36 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011/05/12 11:49:25 | 000,000,000 | ---D | C] -- C:\Temp
[2011/05/12 11:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast
[2011/05/12 11:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Wizards of the Coast
[2011/05/11 19:34:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
[2011/05/11 19:32:10 | 000,000,000 | ---D | C] -- C:\Users\Danny\Desktop\Viral Report
[2011/05/11 19:30:59 | 000,100,736 | ---- | C] (GMER) -- C:\pwddqpoc.sys
[2011/05/11 19:30:43 | 000,000,000 | ---D | C] -- C:\Users\Danny\Desktop\gmer
[2011/05/07 19:20:27 | 000,000,000 | ---D | C] -- C:\Users\Danny\Desktop\Event
[2011/05/07 19:19:44 | 000,000,000 | ---D | C] -- C:\Users\Danny\Desktop\pics_1.1
[2011/05/07 16:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/07 16:13:50 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Danny\Desktop\esetsmartinstaller_enu.exe
[2011/05/07 15:57:23 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/05/07 15:29:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/01 02:11:57 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Danny\Desktop\abc123.com
[2011/04/30 00:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/04/27 17:02:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 17:02:36 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/26 10:24:35 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\Users\Danny\Desktop\winsockfix.exe
[2011/04/26 10:18:11 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Users\Danny\Desktop\cmd.exe
[2011/04/26 09:57:15 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Users\Danny\Desktop\LSPFix.exe
[2011/04/26 09:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/26 09:32:54 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/25 19:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2011/04/25 19:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Lx_cats
[2011/04/25 19:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint
[2011/04/25 19:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2011/04/25 19:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Tools for Office
[2011/04/25 19:34:57 | 000,372,736 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXECwupd.dll
[2011/04/25 19:34:57 | 000,213,672 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXECwupd.exe
[2011/04/25 19:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2011/04/25 19:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
[2011/04/25 19:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Printable Web
[2011/04/25 19:32:57 | 000,007,680 | ---- | C] (eaio) -- C:\Windows\System32\NativeCall.dll
[2011/04/25 19:32:46 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeccomm.dll
[2011/04/25 19:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Pro800-Pro900 Series
[2011/04/25 19:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2011/04/21 23:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/21 20:26:07 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/04/21 10:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/21 10:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/21 10:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/21 10:47:16 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Danny\Desktop\spybotsd162.exe
[2011/04/21 10:41:53 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\AVG
[2011/04/21 01:43:44 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\AVG10
[2011/04/21 01:38:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/04/21 01:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/04/21 01:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/04/21 01:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/04/20 15:10:14 | 000,000,000 | R--D | C] -- C:\Users\Danny\Desktop\Amazon
[2010/04/14 20:08:16 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxecih.exe
[2010/04/14 20:08:14 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeccoms.exe
[2010/04/14 20:08:12 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeccfg.exe
[2010/04/13 19:41:34 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeccoin.dll
[2009/12/09 19:47:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxecpmui.dll
[2009/12/09 19:43:14 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxecserv.dll
[2009/12/09 19:41:22 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxechbn3.dll
[2009/12/09 19:40:12 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxecusb1.dll
[2009/12/09 19:37:34 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxechcp.dll
[2009/12/09 19:36:32 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeclmpm.dll
[2009/12/09 19:35:50 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeciesc.dll
[2009/12/09 19:35:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeccomc.dll
[2009/12/09 19:35:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxecinpa.dll
========== Files - Modified Within 30 Days ==========
[2011/05/18 18:23:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
[2011/05/18 18:22:51 | 000,612,592 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/18 18:22:51 | 000,107,654 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/18 18:18:06 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/18 18:18:05 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/18 18:18:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/18 18:17:56 | 2011,668,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/18 17:37:04 | 000,006,656 | ---- | M] () -- C:\Windows\System32\3D4950F4.exe
[2011/05/18 17:34:35 | 253,410,766 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/18 17:31:14 | 000,133,632 | ---- | M] () -- C:\Users\Danny\Desktop\RKUnhookerLE.EXE
[2011/05/18 07:01:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDanny.job
[2011/05/12 11:53:52 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\Magic Online.lnk
[2011/05/11 19:30:59 | 000,100,736 | ---- | M] (GMER) -- C:\pwddqpoc.sys
[2011/05/11 19:30:11 | 000,625,664 | ---- | M] () -- C:\Users\Danny\Desktop\dds.scr
[2011/05/11 19:29:44 | 000,293,775 | ---- | M] () -- C:\Users\Danny\Desktop\gmer.zip
[2011/05/11 01:09:04 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMarty.job
[2011/05/08 21:14:36 | 001,914,496 | ---- | M] (Trend Micro Inc.) -- C:\Users\Danny\Desktop\HousecallLauncher.exe
[2011/05/07 16:13:52 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Danny\Desktop\esetsmartinstaller_enu.exe
[2011/05/07 15:45:54 | 004,343,224 | R--- | M] () -- C:\Users\Danny\Desktop\ComboFix.exe
[2011/05/02 13:38:35 | 000,024,448 | ---- | M] () -- C:\Windows\System32\drivers\rkhdrv40.sys
[2011/05/01 02:12:10 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Danny\Desktop\abc123.com
[2011/04/26 10:27:08 | 000,002,523 | ---- | M] () -- C:\Users\Danny\Desktop\HiJackThis.lnk
[2011/04/26 10:24:32 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\Users\Danny\Desktop\winsockfix.exe
[2011/04/26 09:57:10 | 000,186,880 | ---- | M] (CEXX.ORG) -- C:\Users\Danny\Desktop\LSPFix.exe
[2011/04/25 22:42:04 | 000,208,432 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2011/04/25 22:41:11 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK
[2011/04/25 22:40:46 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\Visit Lexmark SmartSolutions.LNK
[2011/04/23 02:10:49 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/21 10:49:29 | 000,001,081 | ---- | M] () -- C:\Users\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/21 10:49:29 | 000,001,057 | ---- | M] () -- C:\Users\Danny\Desktop\Spybot - Search & Destroy.lnk
[2011/04/21 10:47:15 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Danny\Desktop\spybotsd162.exe
[2011/04/20 20:23:34 | 000,013,661 | ---- | M] () -- C:\Users\Danny\Desktop\festerwhitegray_edited-1.png
[2011/04/20 20:11:39 | 000,051,629 | ---- | M] () -- C:\Users\Danny\Desktop\AD701B51-CF1D-7AA0-02D6B5A775588E73.jpg
[2011/04/20 20:00:02 | 000,100,810 | ---- | M] () -- C:\Users\Danny\Desktop\1920__s_mario_by_itsfrisbee-d31dpi2.png
[2011/04/20 19:58:10 | 000,031,693 | ---- | M] () -- C:\Users\Danny\Desktop\$(KGrHqMOKjkE1uDQBwyMBNri!U(Qb!~~_12.JPG
[2011/04/20 19:46:46 | 000,027,016 | ---- | M] () -- C:\Users\Danny\Desktop\61Yp6zWNVNL._SL500_AA280_.jpg
========== Files Created - No Company Name ==========
[2011/05/18 17:37:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\3D4950F4.exe
[2011/05/18 17:33:59 | 253,410,766 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/18 17:31:21 | 000,133,632 | ---- | C] () -- C:\Users\Danny\Desktop\RKUnhookerLE.EXE
[2011/05/12 11:53:52 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\Magic Online.lnk
[2011/05/11 19:30:12 | 000,625,664 | ---- | C] () -- C:\Users\Danny\Desktop\dds.scr
[2011/05/11 19:29:33 | 000,293,775 | ---- | C] () -- C:\Users\Danny\Desktop\gmer.zip
[2011/05/07 15:45:17 | 004,343,224 | R--- | C] () -- C:\Users\Danny\Desktop\ComboFix.exe
[2011/05/02 13:25:49 | 000,024,448 | ---- | C] () -- C:\Windows\System32\drivers\rkhdrv40.sys
[2011/04/26 09:32:54 | 000,002,523 | ---- | C] () -- C:\Users\Danny\Desktop\HiJackThis.lnk
[2011/04/25 19:33:38 | 000,001,838 | ---- | C] () -- C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK
[2011/04/25 19:33:09 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\Visit Lexmark SmartSolutions.LNK
[2011/04/25 19:32:57 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxecrwrd.ini
[2011/04/25 19:32:52 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXECinst.dll
[2011/04/25 19:31:26 | 000,208,432 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2011/04/21 10:49:29 | 000,001,081 | ---- | C] () -- C:\Users\Danny\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/21 10:49:29 | 000,001,057 | ---- | C] () -- C:\Users\Danny\Desktop\Spybot - Search & Destroy.lnk
[2011/04/20 20:23:34 | 000,013,661 | ---- | C] () -- C:\Users\Danny\Desktop\festerwhitegray_edited-1.png
[2011/04/20 20:11:39 | 000,051,629 | ---- | C] () -- C:\Users\Danny\Desktop\AD701B51-CF1D-7AA0-02D6B5A775588E73.jpg
[2011/04/20 20:00:02 | 000,100,810 | ---- | C] () -- C:\Users\Danny\Desktop\1920__s_mario_by_itsfrisbee-d31dpi2.png
[2011/04/20 19:58:10 | 000,031,693 | ---- | C] () -- C:\Users\Danny\Desktop\$(KGrHqMOKjkE1uDQBwyMBNri!U(Qb!~~_12.JPG
[2011/04/20 19:46:46 | 000,027,016 | ---- | C] () -- C:\Users\Danny\Desktop\61Yp6zWNVNL._SL500_AA280_.jpg
[2011/04/10 17:03:06 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2010/09/15 00:32:00 | 000,000,173 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/08/16 17:03:33 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/16 17:03:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/16 00:43:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/15 21:09:14 | 000,000,036 | -H-- | C] () -- C:\Users\Danny\AppData\Local\housecall.guid.cache
[2009/12/01 15:21:26 | 000,000,032 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/09 08:06:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxecinsr.dll
[2009/11/09 08:06:50 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeccur.dll
[2009/11/09 08:06:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxecjswr.dll
[2009/11/09 08:06:26 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxecinsb.dll
[2009/11/09 08:06:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeccub.dll
[2009/11/09 08:06:14 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxecgrd.dll
[2009/11/09 08:06:06 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeccu.dll
[2009/11/09 08:05:54 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxecins.dll
[2009/11/09 07:59:58 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxecgcfg.dll
[2009/10/21 10:06:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeccuir.dll
[2009/10/21 10:06:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeccui.dll
[2009/08/31 20:28:35 | 000,000,273 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/05/09 14:31:21 | 000,000,000 | -H-- | C] () -- C:\Users\Danny\AppData\Roaming\wklnhst.dat
[2009/02/20 08:48:44 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lxecsmr.dll
[2009/02/20 08:48:04 | 000,299,008 | ---- | C] () -- C:\Windows\System32\lxecsm.dll
[2009/02/02 23:39:32 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/02/02 23:39:31 | 002,330,643 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/02/02 23:39:30 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/02/02 23:39:30 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/02 23:39:30 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/02 23:39:29 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/02/01 16:52:36 | 000,000,067 | ---- | C] () -- C:\Windows\iltwain.ini
[2008/11/21 19:14:39 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/03/31 21:37:17 | 000,009,728 | -H-- | C] () -- C:\Users\Danny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/05 02:55:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxecvs.dll
[2008/01/31 04:01:22 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/12/09 18:16:02 | 000,147,647 | ---- | C] () -- C:\Windows\hpoins21.dat
[2007/12/09 18:16:02 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2007/08/30 04:55:59 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/30 04:42:33 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/08/30 04:40:05 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/08/30 04:40:04 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/07/19 08:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 002,557,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,612,592 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,107,654 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/26 21:33:42 | 000,540,672 | ---- | C] () -- C:\Windows\System32\TX32.DLL
[2006/09/26 21:33:42 | 000,229,376 | ---- | C] () -- C:\Windows\System32\ISP2000.dll
[2006/09/26 21:33:42 | 000,063,488 | ---- | C] () -- C:\Windows\System32\Eztw32.dll
[2006/09/26 21:33:26 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2006/09/26 21:33:24 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:322EAACD
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
Extras report:
--------------
OTL Extras logfile created on: 5/18/2011 6:24:34 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Danny\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.48 Gb Total Space | 152.94 Gb Free Space | 46.84% Space Free | Partition Type: NTFS
Drive D: | 8.87 Gb Total Space | 1.23 Gb Free Space | 13.81% Space Free | Partition Type: NTFS
Computer Name: COMPUTER | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-2240819359-1099125703-168567900-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{626DDB1B-0EE1-4C51-938C-6B242C9C85E7}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{D9296474-A761-4763-83E1-6169E3C63457}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0863B675-666E-4089-A46D-9DCC3487EB4E}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{0BD22D10-9855-4EED-A1E3-6012D7CA97C0}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{0E22A5CB-19C4-4D64-ABFD-47D06A7D5C0C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1DCBE47F-3DB6-48DC-9E5C-3D708195D269}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{23E6E6B9-244A-411B-9BC7-1C5EE708EF6C}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{27A32BE9-A7EC-4BEB-9630-FCEAB96911C6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{33CF69EA-9009-4C81-AF46-5C3D9402C0DF}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{417F9BFE-9732-4587-A481-D43C72E6DADE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{5DBB0B68-602C-4751-8916-CD57C9021764}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6AD05BE4-BCBA-41D1-9832-70A840061D5F}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{7068075B-304E-4F72-927F-5E74D80E197D}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{8EBDAFF9-4B21-43FF-A914-D93F24C408AD}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{A60E48E0-4190-4924-BADD-ADFD1C7897D7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B39C2337-922D-47BE-8C43-1CA6A9C8CEEC}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{B70DE0C1-C846-44DC-BDCC-D0E982AB0955}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{BAE68410-8642-4A46-A7BF-B001A90403C1}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{C4DAD393-2687-4F1E-B6DC-75105C4C5A3F}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{C700B50C-32EF-4AFD-BC57-841E7DDB2602}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C75D04E4-749D-4C2A-873C-8AC950EB3F3A}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{C9AC50FF-C928-49C1-9E21-F7B36B00650C}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"{CFC1F63A-AE91-47EB-9890-8E64D5A1682A}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"{D8418922-D395-4C94-A3CF-B93817030AD0}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{DD1A2349-04B5-44F5-9E11-63E40E66597C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E156B179-F6D1-4CDF-9BA3-9C91F72D2E14}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{EBAD6180-DB60-4095-9BF1-CDBD121AD500}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{EE553255-C6E0-4009-A0EC-5ADA336EBC32}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{F5F420D8-3923-41F4-991B-E85942BA23E9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F7FF1CA7-F47C-4E12-81C5-8E50901EA004}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{FF47418D-BEC8-460B-B5AB-833318373C29}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"TCP Query User{07E16BFA-25BD-40EF-B21A-0550B1918BE3}C:\program files\avant browser\avant.exe" = protocol=6 | dir=in | app=c:\program files\avant browser\avant.exe |
"TCP Query User{AFBBA04A-570A-434B-8353-7BB0124C2600}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{E9BCC407-62FB-4E29-AB41-E1D362E75AB4}C:\program files\avant browser\avant.exe" = protocol=6 | dir=in | app=c:\program files\avant browser\avant.exe |
"UDP Query User{7D53B8A4-34EF-4ADB-9995-72D0E5274B8F}C:\program files\avant browser\avant.exe" = protocol=17 | dir=in | app=c:\program files\avant browser\avant.exe |
"UDP Query User{D16E937C-AC0E-45EA-9A3E-A93A564A30B2}C:\program files\avant browser\avant.exe" = protocol=17 | dir=in | app=c:\program files\avant browser\avant.exe |
"UDP Query User{EEE7ECE4-5F52-4F67-817C-C6253E21A245}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}" = HP Total Care Advisor
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8B20B4D0-2F43-480A-B9BE-F9109E796BCB}" = Home Office Publisher
"{8BBA35B6-E1A9-4FE0-892B-8F7980584D52}" = NetZero Internet and Voice Offer
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAFFEF7F-08B3-45b3-B215-418175C4E9DD}" = c5200_Help
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1E03284-66FD-4292-8239-504CEC5B0CC3}" = C5200_doccd
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D49B0B95-DF54-40E9-9169-8BB6A6A1E03F}" = The Print Shop 23
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Audacity_is1" = Audacity 1.2.6
"AvantBrowser" = Avant Browser (remove only)
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"ESET Online Scanner" = ESET Online Scanner v3
"ExtractNow_is1" = ExtractNow
"Foxit Reader" = Foxit Reader
"Free FLV Converter_is1" = Free FLV Converter V 6.96.0
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 2.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"KatMouse" = KatMouse (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.5.3
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP3MyMP3_is1" = MP3MyMP3 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Perfect Business Card Maker" = Perfect Business Card Maker
"PokerStars" = PokerStars
"Raptr" = Raptr
"Rhapsody" = Rhapsody
"Steam App 10" = Counter-Strike
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Trillian" = Trillian
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"UltimateZip_is1" = UltimateZip
"UnderCoverXP_is1" = UnderCoverXP 1.23
"Uninstall_is1" = Uninstall 1.0.0.0
"Universal Extractor_is1" = Universal Extractor 1.6
"Unlocker" = Unlocker 1.9.0
"VLC media player" = VLC media player 1.1.7
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent hp Master Uninstall" = My HP Games
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2240819359-1099125703-168567900-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/5/2009 5:38:19 PM | Computer Name = Computer | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error - 6/5/2009 5:40:24 PM | Computer Name = Computer | Source = WerSvc | ID = 5007
Description =
Error - 6/5/2009 11:31:52 PM | Computer Name = Computer | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error - 6/5/2009 11:34:05 PM | Computer Name = Computer | Source = WerSvc | ID = 5007
Description =
Error - 6/6/2009 5:47:30 AM | Computer Name = Computer | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error - 6/6/2009 5:49:41 AM | Computer Name = Computer | Source = WerSvc | ID = 5007
Description =
Error - 6/6/2009 6:01:39 AM | Computer Name = Computer | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error - 6/6/2009 6:03:49 AM | Computer Name = Computer | Source = WerSvc | ID = 5007
Description =
Error - 6/6/2009 12:02:29 PM | Computer Name = Computer | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error - 6/6/2009 12:04:35 PM | Computer Name = Computer | Source = WerSvc | ID = 5007
Description =
[ Media Center Events ]
Error - 4/29/2008 1:37:24 PM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 5/24/2008 8:41:24 AM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 5/24/2008 5:29:37 PM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 6/2/2008 9:20:25 PM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 6/7/2008 6:18:13 AM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 6/30/2008 1:35:13 PM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 7/10/2008 1:32:41 PM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 8/28/2008 11:53:13 AM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 10/7/2009 6:55:15 PM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 4/7/2011 2:32:21 PM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ OSession Events ]
Error - 4/13/2011 11:19:57 PM | Computer Name = Computer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8507
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 5/16/2011 1:54:39 PM | Computer Name = Computer | Source = HTTP | ID = 15016
Description =
Error - 5/17/2011 12:46:57 AM | Computer Name = Computer | Source = HTTP | ID = 15016
Description =
Error - 5/18/2011 1:53:03 AM | Computer Name = Computer | Source = HTTP | ID = 15016
Description =
Error - 5/18/2011 3:24:24 PM | Computer Name = Computer | Source = HTTP | ID = 15016
Description =
Error - 5/18/2011 5:26:07 PM | Computer Name = Computer | Source = HTTP | ID = 15016
Description =
Error - 5/18/2011 7:24:46 PM | Computer Name = Computer | Source = HTTP | ID = 15016
Description =
Error - 5/18/2011 8:34:00 PM | Computer Name = Computer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:32:39 PM on 5/18/2011 was unexpected.
Error - 5/18/2011 8:34:24 PM | Computer Name = Computer | Source = HTTP | ID = 15016
Description =
Error - 5/18/2011 9:18:01 PM | Computer Name = Computer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:16:53 PM on 5/18/2011 was unexpected.
Error - 5/18/2011 9:18:04 PM | Computer Name = Computer | Source = HTTP | ID = 15016
Description =
< End of report >
Thanks for the help! Can't wait to get this off this computer! Also I should note I'm starting to get internet explorer redirects, and actual internet explorer opening itself to random pages(lots of blank ones too.)
Help
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
This topic is locked
Attach.txt (8.27K)
Back to top
icon on your desktop.
button.
textbox.
button.
to download the ESET Smart Installer. Save it to your desktop.
icon on your desktop.
button.
, and save the file to your desktop using a unique name, such as
button.
