
Please Help



#1 djs


Posted 18 May 2011 - 12:29 PM

I keep getting pop-ups saying that I have a security issue. The pop-ups appear to be legitimate Windows XP messages; however, at a closer look, they say something like "total security center" and want me to pay $$$. When I try to get to the internet through desktop icons, I am redirected to a site that says I have a serious security breach and will not allow me to move forward. Thanks in advance for your assistance. Below are my OTL logs.

#2 djs


Posted 18 May 2011 - 12:29 PM

I keep getting pop-ups saying that I have a security issue. The pop-ups appear to be legitimate Windows XP messages; however, at a closer look, they say something like "total security center" and want me to pay $$$. When I try to get to the internet through desktop icons, I am redirected to a site that says I have a serious security breach and will not allow me to move forward. Thanks in advance for your assistance. Below are my OTL logs.




OTL Extras logfile created on: 2011-05-18 7:16:54 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\The Mother\Desktop\CPT CLEANUP 5_11
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

510.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 37.39 Gb Free Space | 50.21% Space Free | Partition Type: NTFS

Computer Name: SPRINGER | User Name: The Mother | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\The Mother\Local Settings\Application Data\sea.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:FiOS Tech Wizard
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\The Mother\Local Settings\Temp\7zS00CD\setup\hpznui01.exe" = C:\Documents and Settings\The Mother\Local Settings\Temp\7zS00CD\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"C:\Documents and Settings\The Mother\Local Settings\Temp\7zS535F\setup\hpznui01.exe" = C:\Documents and Settings\The Mother\Local Settings\Temp\7zS535F\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\The Mother\Local Settings\Temp\7zS4994\setup\hpznui01.exe" = C:\Documents and Settings\The Mother\Local Settings\Temp\7zS4994\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\The Mother\Local Settings\Temp\7zS02FB\setup\hpznui01.exe" = C:\Documents and Settings\The Mother\Local Settings\Temp\7zS02FB\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\The Mother\Local Settings\Temp\7zS3B61\setup\hpznui01.exe" = C:\Documents and Settings\The Mother\Local Settings\Temp\7zS3B61\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Program Files\Common Files\AOL\1201988569\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1201988569\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL
"C:\Documents and Settings\The Mother\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\The Mother\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin
"C:\Documents and Settings\The Mother\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\The Mother\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\The Mother\Local Settings\Temp\7zS00CD\setup\hpznui01.exe" = C:\Documents and Settings\The Mother\Local Settings\Temp\7zS00CD\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"C:\Documents and Settings\The Mother\Local Settings\Temp\7zS535F\setup\hpznui01.exe" = C:\Documents and Settings\The Mother\Local Settings\Temp\7zS535F\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\The Mother\Local Settings\Temp\7zS4994\setup\hpznui01.exe" = C:\Documents and Settings\The Mother\Local Settings\Temp\7zS4994\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\The Mother\Local Settings\Temp\7zS02FB\setup\hpznui01.exe" = C:\Documents and Settings\The Mother\Local Settings\Temp\7zS02FB\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\The Mother\Local Settings\Temp\7zS3B61\setup\hpznui01.exe" = C:\Documents and Settings\The Mother\Local Settings\Temp\7zS3B61\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
"{23C12370-3A82-4558-B727-F345B473AD87}" = BlackBerry Device Software Updater
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 22
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2b02f822-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Pro Edition 2004
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.2
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.8.1
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6916E491-8BBF-4E8A-AFAD-D01307C059E5}" = Vz In Home Agent
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BF5EE349-90CD-4422-A43B-661778180173}" = USB Disk Win98 Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E3C2C5-B78F-560D-01C0-A9F11945D17B}" = Pandora
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AsfTools 3.1" = AsfTools 3.1 (remove only)
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"HP Photo Creations" = HP Photo Creations
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{231F68F4-70E4-41A6-BEDA-7E7934169B54}" = Maxtor OneTouch
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MXOFX" = USB Storage Adapter FX (MXO)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"PROSet" = Intel® PRO Network Adapters and Drivers
"PSP_Movie_Creator" = PSP Movie Creator(remove only)
"RealPlayer 6.0" = RealOne Player
"RPADeinstKey" = RPADLL
"Shockwave" = Shockwave
"Sierra Utilities" = Sierra Utilities
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Verizon Help and Support" = Verizon Help and Support Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-04-24 1:49:55 PM | Computer Name = SPRINGER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2011-04-24 1:49:55 PM | Computer Name = SPRINGER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 40375

Error - 2011-04-24 1:49:55 PM | Computer Name = SPRINGER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 40375

Error - 2011-04-24 1:49:57 PM | Computer Name = SPRINGER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2011-04-24 1:49:57 PM | Computer Name = SPRINGER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 42406

Error - 2011-04-24 1:49:57 PM | Computer Name = SPRINGER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 42406

Error - 2011-04-24 2:52:41 PM | Computer Name = SPRINGER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2011-04-24 2:52:45 PM | Computer Name = SPRINGER | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4095, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 2011-04-27 10:30:50 PM | Computer Name = SPRINGER | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4095, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 2011-05-04 5:43:33 PM | Computer Name = SPRINGER | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4127, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

[ System Events ]
Error - 2011-05-17 10:00:00 PM | Computer Name = SPRINGER | Source = Schedule | ID = 7901
Description = The At47.job command failed to start due to the following error: %%2147942405

Error - 2011-05-17 11:00:00 PM | Computer Name = SPRINGER | Source = Schedule | ID = 7901
Description = The At48.job command failed to start due to the following error: %%2147942405

Error - 2011-05-18 12:23:00 AM | Computer Name = SPRINGER | Source = Schedule | ID = 7901
Description = The At25.job command failed to start due to the following error: %%2147942405

Error - 2011-05-18 1:00:00 AM | Computer Name = SPRINGER | Source = Schedule | ID = 7901
Description = The At26.job command failed to start due to the following error: %%2147942405

Error - 2011-05-18 2:00:00 AM | Computer Name = SPRINGER | Source = Schedule | ID = 7901
Description = The At27.job command failed to start due to the following error: %%2147942405

Error - 2011-05-18 3:00:00 AM | Computer Name = SPRINGER | Source = Schedule | ID = 7901
Description = The At28.job command failed to start due to the following error: %%2147942405

Error - 2011-05-18 4:00:00 AM | Computer Name = SPRINGER | Source = Schedule | ID = 7901
Description = The At29.job command failed to start due to the following error: %%2147942405

Error - 2011-05-18 5:00:00 AM | Computer Name = SPRINGER | Source = Schedule | ID = 7901
Description = The At30.job command failed to start due to the following error: %%2147942405

Error - 2011-05-18 6:00:00 AM | Computer Name = SPRINGER | Source = Schedule | ID = 7901
Description = The At31.job command failed to start due to the following error: %%2147942405

Error - 2011-05-18 7:00:00 AM | Computer Name = SPRINGER | Source = Schedule | ID = 7901
Description = The At32.job command failed to start due to the following error: %%2147942405


< End of report >

#3 djs


Posted 18 May 2011 - 12:31 PM

OTL logfile created on: 2011-05-18 7:16:54 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\The Mother\Desktop\CPT CLEANUP 5_11
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

510.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 37.39 Gb Free Space | 50.21% Space Free | Partition Type: NTFS

Computer Name: SPRINGER | User Name: The Mother | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\The Mother\Desktop\CPT CLEANUP 5_11\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\The Mother\Local Settings\Application Data\sea.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
PRC - C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe (COLLABERA)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\UMStor\Res.exe (ali)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\The Mother\Desktop\CPT CLEANUP 5_11\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (MXOFX) USB Storage Adapter FX (MXO) -- C:\WINDOWS\SYSTEM32\DRIVERS\MXOFX.SYS (Cypress Semiconductor)
DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys (Creative Technology Ltd.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...onType=&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.2
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://slirsredirect...onType=&query="


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-11 19:12:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-05-11 19:12:42 | 000,000,000 | ---D | M]

[2009-04-27 22:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Mother\Application Data\Mozilla\Extensions
[2011-05-13 07:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Mother\Application Data\Mozilla\Firefox\Profiles\a1vmbzow.default\extensions
[2010-05-29 08:35:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\The Mother\Application Data\Mozilla\Firefox\Profiles\a1vmbzow.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-04-29 15:03:13 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Documents and Settings\The Mother\Application Data\Mozilla\Firefox\Profiles\a1vmbzow.default\extensions\smartbookmarksbar@remy.juteau
[2009-10-15 22:42:45 | 000,004,196 | ---- | M] () -- C:\Documents and Settings\The Mother\Application Data\Mozilla\Firefox\Profiles\a1vmbzow.default\searchplugins\aim-search.xml
[2009-05-08 09:10:07 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\The Mother\Application Data\Mozilla\Firefox\Profiles\a1vmbzow.default\searchplugins\aol-search.xml
[2011-05-11 18:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-15 23:14:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-09-03 21:23:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-20 21:33:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2010-01-31 11:45:24 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\THE MOTHER\APPLICATION DATA\MOVE NETWORKS
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THE MOTHER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A1VMBZOW.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
[2009-04-25 10:13:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-05-11 19:12:23 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-05-11 19:12:27 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008-06-20 21:02:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.exe (ali)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [cWhAWkYHnb] File not found
O4 - HKCU..\Run: [ihanotify] C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe (COLLABERA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O10 - NameSpace_Catalog5\Catalog_Entries00000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1298430238578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: ChatSpace Java Client 2.1.0.90 http://64.85.17.21/Java/cs4ms090.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email.secures...et/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\The Mother\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Mother\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{85ff092c-47d5-11db-af40-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{85ff092c-47d5-11db-af40-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85ff092c-47d5-11db-af40-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\The Mother\Local Settings\Application Data\sea.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\The Mother\Local Settings\Application Data\sea.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011-05-17 18:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Mother\Desktop\CPT CLEANUP 5_11
[2011-05-17 18:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Mother\My Documents\CPT CLEAN UP 5_11
[2011-05-16 11:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Mother\My Documents\forprint
[2011-05-16 10:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Mother\Desktop\sara
[2011-05-13 07:59:26 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2006-08-25 21:14:20 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\Documents and Settings\The Mother\My Documents\*.tmp files -> C:\Documents and Settings\The Mother\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\The Mother\Desktop\*.tmp files -> C:\Documents and Settings\The Mother\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-05-18 07:04:20 | 000,015,340 | -HS- | M] () -- C:\Documents and Settings\The Mother\Local Settings\Application Data\c25v536q0haag77cku307l2142ma5s
[2011-05-18 07:04:20 | 000,015,340 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\c25v536q0haag77cku307l2142ma5s
[2011-05-18 07:04:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-05-18 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011-05-18 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011-05-18 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011-05-18 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011-05-18 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011-05-18 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011-05-18 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011-05-18 00:23:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011-05-17 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011-05-17 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011-05-17 21:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011-05-17 20:07:38 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011-05-17 20:03:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-05-17 20:03:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011-05-17 20:03:22 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-17 20:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011-05-17 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011-05-17 18:57:03 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for The Mother.job
[2011-05-17 18:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011-05-17 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011-05-17 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011-05-17 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011-05-17 14:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011-05-17 13:28:36 | 000,217,148 | -HS- | M] () -- C:\Documents and Settings\The Mother\Local Settings\Application Data\sea.exe
[2011-05-17 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011-05-17 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011-05-17 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011-05-17 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011-05-17 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011-05-17 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011-05-13 07:59:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011-04-28 07:35:03 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\The Mother\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Documents and Settings\The Mother\My Documents\*.tmp files -> C:\Documents and Settings\The Mother\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\The Mother\Desktop\*.tmp files -> C:\Documents and Settings\The Mother\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-05-17 13:28:53 | 000,015,340 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c25v536q0haag77cku307l2142ma5s
[2011-05-17 13:28:52 | 000,015,340 | -HS- | C] () -- C:\Documents and Settings\The Mother\Local Settings\Application Data\c25v536q0haag77cku307l2142ma5s
[2011-05-17 13:28:36 | 000,217,148 | -HS- | C] () -- C:\Documents and Settings\The Mother\Local Settings\Application Data\sea.exe
[2011-05-11 19:12:53 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011-02-21 16:58:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\5359e37c
[2011-02-21 16:58:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\51a1e364
[2011-02-21 16:58:02 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\419198ec
[2011-02-21 16:58:02 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\3d8f070c
[2011-02-21 16:57:35 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\16857d60
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ff996688
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f4917ebc
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f3e700e8
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e77f83d0
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\de2eed68
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d6e1cef4
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d697dd28
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d5dc1170
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d0b957c0
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ce9e1fc8
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ce4dd87c
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\cbd6f5fc
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\cb87aa9c
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\c8f950d8
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\c8b2c1cc
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\bfcb9e0c
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\b498979c
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\69a5e10
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\521710
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\b45b5174
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\b40d91ec
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\b3992040
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\aa9bbe1c
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\a7898b5c
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\a73ab47c
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\a16c22ec
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9a45a85c
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\99e242b4
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9999de6c
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9234286c
[2011-02-21 16:57:05 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d6effe00
[2011-02-21 16:57:05 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d2c4fae4
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f38f6080
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f3427914
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f2da8fd4
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f29a1124
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f242ec74
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f1005afc
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\eff672bc
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ef8e17f0
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ea679370
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ea2709e8
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e808e81c
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e7c467b8
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e69e398c
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e65ab258
[2011-02-21 16:51:08 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\dad99ea0
[2011-02-21 16:51:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e0644a8
[2011-02-21 16:51:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\dc59804
[2011-02-21 16:51:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\31e09468
[2011-02-21 16:51:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\2e52cf40
[2011-02-21 16:50:43 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e0ba6d0c
[2011-02-21 16:50:43 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e07783cc
[2011-02-21 16:50:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\2077bdc8
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\a430a8c0
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\a3f05f84
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\a3aa78fc
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9da21ea0
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9d5dff48
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9d204b9c
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9cdc4cec
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9c9f841c
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9c595df4
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9c0a098c
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9bc5cb68
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9b88c534
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9b449394
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9b07add8
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9ac1fa68
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9a853854
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9a4133b0
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9a04d6e0
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\99beacc8
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9982252c
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\993e9410
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9902378c
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\98bc53c0
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\988069d0
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\983c1bc4
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\97fe6608
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\97b0b31c
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\97736be8
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\972b9820
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\96ea35a8
[2011-02-21 16:49:09 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ecf7344
[2011-02-21 16:49:09 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e8ee1e8
[2011-02-21 16:49:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\eb8ada68
[2011-02-21 16:49:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\eb40c9e4
[2011-02-21 16:49:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\eada66dc
[2011-02-21 16:49:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ea9a0c90
[2011-02-21 16:49:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ea559e14
[2011-02-21 16:49:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e8e8a4b4
[2011-02-21 16:49:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d1e0d3f0
[2011-02-21 16:49:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ceed5ecc
[2011-02-21 16:49:05 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\946db4f0
[2011-02-21 16:49:05 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\942c59b4
[2011-02-21 16:49:05 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\90f16348
[2011-02-21 16:49:05 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\90ac14b8
[2011-02-21 16:49:05 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\8be048e8
[2011-02-21 16:49:05 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\8b98bbec
[2011-02-21 16:47:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\b2b294fc
[2011-02-21 16:47:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\b26fe004
[2011-02-21 16:46:38 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\4702bd78
[2011-02-21 16:46:38 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\46bf91a8
[2011-02-21 16:46:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d924c5e4
[2011-02-21 16:46:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d266d5f4
[2011-02-21 16:46:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d1fe8b08
[2011-02-21 16:46:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d1c031a8
[2011-02-21 16:46:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d17b7f64
[2011-02-21 16:46:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\cbc497fc
[2011-02-21 16:46:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ca9c0ffc
[2011-02-21 16:46:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\c94b5224
[2011-02-21 16:46:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\c18db880
[2011-02-21 16:46:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\c14ef75c
[2011-02-21 16:46:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\c0ff97f8
[2011-02-21 16:46:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\bd9c03c8
[2011-02-21 16:46:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\a8bf5c6c
[2011-02-21 16:46:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\a873e988
[2011-02-15 23:32:33 | 000,174,432 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
[2011-02-15 23:32:33 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
[2010-11-18 21:55:35 | 000,174,281 | ---- | C] () -- C:\WINDOWS\hpoins43.dat.temp
[2010-11-18 21:55:35 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat.temp
[2010-10-12 18:12:24 | 000,000,054 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2010-10-03 17:39:28 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010-09-22 22:25:26 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-08-15 14:31:24 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009-04-29 22:05:12 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009-02-16 22:26:21 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\The Mother\Local Settings\Application Data\fusioncache.dat
[2009-01-23 16:17:35 | 000,000,082 | ---- | C] () -- C:\WINDOWS\CServe.ini
[2009-01-23 16:16:58 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2008-11-13 15:36:55 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008-06-13 09:28:41 | 000,000,000 | ---- | C] () -- C:\Program Files\uninstall.dat
[2008-05-16 17:31:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008-02-04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008-02-02 17:04:45 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008-01-27 10:03:17 | 000,056,887 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007-07-17 09:51:37 | 000,000,603 | ---- | C] () -- C:\WINDOWS\FNTNSTLR.INI
[2006-11-16 09:06:35 | 000,001,407 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006-08-25 21:14:19 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2006-08-25 21:14:17 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004-12-12 16:15:48 | 000,000,181 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004-10-01 18:21:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-07-28 11:48:16 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004-07-28 11:48:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004-03-16 22:32:56 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004-03-15 22:27:35 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2004-03-08 12:09:11 | 000,222,208 | ---- | C] () -- C:\Documents and Settings\The Mother\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004-02-29 12:12:47 | 000,000,097 | ---- | C] () -- C:\WINDOWS\thousand.ini
[2004-02-22 12:33:43 | 000,000,793 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004-02-21 22:15:34 | 000,000,832 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004-01-12 21:45:04 | 000,003,452 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003-12-29 23:40:21 | 002,319,328 | ---- | C] () -- C:\Program Files\wzbeta90.exe
[2003-12-19 09:55:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2003-12-17 00:33:45 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003-12-12 20:38:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003-12-12 20:30:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003-12-12 20:26:33 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2003-12-12 20:23:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003-12-12 20:23:42 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2003-12-12 20:23:42 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003-12-12 20:23:29 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003-12-12 20:23:29 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003-12-12 20:23:28 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003-12-12 20:23:00 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003-12-12 20:22:14 | 000,000,411 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003-12-12 20:18:37 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003-12-12 20:05:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003-12-12 20:02:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003-12-12 20:02:46 | 000,463,628 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003-12-12 20:02:46 | 000,080,654 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003-12-12 20:02:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003-12-12 19:49:18 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003-08-14 00:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003-01-07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-09-03 11:05:08 | 000,414,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002-09-03 10:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002-09-03 10:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002-09-03 10:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002-09-03 10:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002-08-29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002-08-29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002-08-29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002-08-29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002-08-29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002-08-29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002-08-29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1980-01-01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011-04-11 18:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Driver Pro
[2007-01-20 12:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006-07-22 21:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2004-07-11 17:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2010-03-28 13:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2004-04-14 12:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2011-04-11 18:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2010-10-12 18:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010-10-12 18:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2010-10-21 12:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-10-30 16:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-10-04 16:14:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2005-04-20 19:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Aim
[2009-04-29 21:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Blackberry Desktop
[2010-12-10 14:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010-05-30 10:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Facebook
[2011-02-21 16:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Jfuse
[2003-12-16 23:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Leadertech
[2009-12-27 19:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Moyea
[2011-03-30 07:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\PeaZip
[2006-07-22 12:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Registry Booster
[2009-04-29 22:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Research In Motion
[2007-03-15 12:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Snapfish
[2011-02-11 11:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\TechWizard
[2005-02-15 11:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\WeatherBug
[2011-05-17 20:07:38 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011-05-18 00:23:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011-05-18 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011-05-18 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011-05-18 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2011-05-18 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011-05-18 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011-05-18 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011-05-18 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011-05-17 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011-05-17 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011-05-17 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011-05-17 11:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011-05-17 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011-05-17 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011-05-17 14:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011-05-17 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011-05-17 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011-05-17 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011-05-17 18:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011-05-17 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011-05-17 20:00:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011-05-17 21:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011-05-17 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011-05-17 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2003-12-18 00:45:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========



< End of report >

#4 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 8186 posts

Posted 18 May 2011 - 01:20 PM

Hi djs,

Please, follow the instructions on http://www.bleepingc...to-use-combofix for installing and running ComboFix.

Read carefully and note the "Disclaimer of warranty"!

Paste the content of the log into your answer.

#5 djs

djs

    Advanced Member

  • Members
  • 76 posts

Posted 19 May 2011 - 02:45 AM

Cecilia B. - Thanks for your help. I have run ComboFix; the log is below. I look forward to your response.


ComboFix 11-05-17.03 - The Mother 2011-05-18 21:18:50.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.261 [GMT -4:00]
Running from: c:\documents and settings\The Mother\Desktop\CPT CLEANUP 5_11\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\The Mother\GoToAssistDownloadHelper.exe
c:\documents and settings\The Mother\Local Settings\Application Data\sea.exe
c:\documents and settings\The Mother\WINDOWS
c:\windows\Debug\dcpromo.log
c:\windows\desktop
c:\windows\desktop\Instal~1.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-13 11:59 . 2011-05-13 11:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 23:12 . 2011-05-11 23:12 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-11 23:12 . 2011-05-11 23:12 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-11 23:12 . 2011-05-11 23:12 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-11 23:12 . 2011-05-11 23:12 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-11 23:12 . 2011-05-11 23:12 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-11 23:12 . 2011-05-11 23:12 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-11 23:12 . 2011-05-11 23:12 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-11 23:12 . 2011-05-11 23:12 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-17 16:52 . 2010-10-03 21:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-07 05:33 . 2004-06-07 18:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2002-08-29 11:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2002-08-29 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2003-12-30 03:42 . 2003-12-30 03:40 2319328 ----a-w- c:\program files\wzbeta90.exe
2011-05-11 23:12 . 2011-05-11 23:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ihanotify"="c:\program files\Verizon\FiOS\ihs\IHANotify.exe" [2010-12-28 237568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-15 65536]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-12-13 151597]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 05:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 14:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
2004-12-22 12:21 823296 ----a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXOBG]
2009-04-26 00:12 94208 ----a-w- c:\windows\MXOALDR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 17:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2010-10-03 64288]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2010-10-13 6:06 PM 118784]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 8:15 AM 1378040]
S2 gupdate1c962088889221e;Google Update Service (gupdate1c962088889221e);c:\program files\Google\Update\GoogleUpdate.exe [2008-12-19 2:35 PM 133104]
S3 Fltmortpumfu;Fltmortpumfu; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2008-12-19 2:35 PM 133104]
S3 Ipnftcaxpace;Ipnftcaxpace; [x]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 8:49 AM 227232]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 16:52]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-19 04:41]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-19 04:41]
.
2003-12-18 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
2011-05-19 c:\windows\Tasks\Norton Security Scan for The Mother.job
- c:\progra~1\NORTON~2\Engine\300~1.103\Nss.exe [2011-02-18 01:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\office
DPF: ChatSpace Java Client 2.1.0.90 - hxxp://64.85.17.21/Java/cs4ms090.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\The Mother\Application Data\Mozilla\Firefox\Profiles\a1vmbzow.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-Google Update - c:\documents and settings\The Mother\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-MBkLogOnHook - c:\program files\McAfee\MBK\LogOnHook.exe
AddRemove-AOL Emergency Connect Utility 1.0 - c:\program files\Common Files\AOL\ECU\uninst.exe
AddRemove-PSP_Movie_Creator - c:\documents and settings\The Mother\My Documents\Zac\PSPMovieCreator\bt-uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-18 21:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-18 21:40:54
ComboFix-quarantined-files.txt 2011-05-19 01:40
.
Pre-Run: 40,013,885,440 bytes free
Post-Run: 39,972,347,904 bytes free
.
- - End Of File - - CCDBCBEE9877A9F3F25CC5E9072947C5

#6 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 8186 posts

Posted 19 May 2011 - 10:58 AM

Hi,

Please, copy all lines in the box:
Killall::
Driver::
Fltmortpumfu
Ipnftcaxpace
File::
C:\Documents and Settings\All Users\Application Data\c25v536q0haag77cku307l2142ma5s
C:\Documents and Settings\The Mother\Local Settings\Application Data\c25v536q0haag77cku307l2142ma5s
Folder::
C:\Documents and Settings\All Users\Application Data\c25v536q0haag77cku307l2142ma5s
C:\Documents and Settings\The Mother\Local Settings\Application Data\c25v536q0haag77cku307l2142ma5s
and paste into Notepad.
Save the file on the desktop with the name CFScript.

Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will start in a special way.
Paste the new ComboFix log into your answer.

Restart the computer, run OTL and post OTL.txt.

How is the computer running?

#7 djs

djs

    Advanced Member

  • Members
  • 76 posts

Posted 19 May 2011 - 01:53 PM

Cecilia B.,

Cpt is running much better...thanks. Here is the combofix log as requested. I have not had the opportunity to run the additional program. I'll do that this evening. Thanks!

ComboFix 11-05-17.03 - The Mother 2011-05-19 7:35.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.175 [GMT -4:00]
Running from: c:\documents and settings\The Mother\Desktop\CPT CLEANUP 5_11\ComboFix.exe
Command switches used :: c:\documents and settings\The Mother\Desktop\CPT CLEANUP 5_11\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
FILE ::
"c:\documents and settings\All Users\Application Data\c25v536q0haag77cku307l2142ma5s"
"c:\documents and settings\The Mother\Local Settings\Application Data\c25v536q0haag77cku307l2142ma5s"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\c25v536q0haag77cku307l2142ma5s
c:\documents and settings\The Mother\Local Settings\Application Data\c25v536q0haag77cku307l2142ma5s
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Fltmortpumfu
-------\Service_Ipnftcaxpace
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-13 11:59 . 2011-05-13 11:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 23:12 . 2011-05-11 23:12 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-11 23:12 . 2011-05-11 23:12 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-11 23:12 . 2011-05-11 23:12 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-11 23:12 . 2011-05-11 23:12 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-11 23:12 . 2011-05-11 23:12 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-11 23:12 . 2011-05-11 23:12 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-11 23:12 . 2011-05-11 23:12 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-11 23:12 . 2011-05-11 23:12 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-17 16:52 . 2010-10-03 21:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-07 05:33 . 2004-06-07 18:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2002-08-29 11:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2002-08-29 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2003-12-30 03:42 . 2003-12-30 03:40 2319328 ----a-w- c:\program files\wzbeta90.exe
2011-05-11 23:12 . 2011-05-11 23:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ihanotify"="c:\program files\Verizon\FiOS\ihs\IHANotify.exe" [2010-12-28 237568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-15 65536]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-12-13 151597]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 05:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04 114741 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 14:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
2004-12-22 12:21 823296 ----a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXOBG]
2009-04-26 00:12 94208 ----a-w- c:\windows\MXOALDR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 17:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R2 gupdate1c962088889221e;Google Update Service (gupdate1c962088889221e);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-03-24 118784]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-04-17 1378040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 16:52]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-19 04:41]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-19 04:41]
.
2003-12-18 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
2011-05-19 c:\windows\Tasks\Norton Security Scan for The Mother.job
- c:\progra~1\NORTON~2\Engine\300~1.103\Nss.exe [2011-02-18 01:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\office
DPF: ChatSpace Java Client 2.1.0.90 - hxxp://64.85.17.21/Java/cs4ms090.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\The Mother\Application Data\Mozilla\Firefox\Profiles\a1vmbzow.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 08:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2196)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\UPnPUI.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\FakeAvRenderer.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\BCMSMMSG.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-05-19 08:17:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-19 12:17
ComboFix2.txt 2011-05-19 01:40
.
Pre-Run: 39,979,831,296 bytes free
Post-Run: 39,841,628,160 bytes free
.
- - End Of File - - 13BE2BBB1C001AD9EA47AD7A23C5FB8D

#8 djs

Posted 19 May 2011 - 10:39 PM

And the OTL Log:


OTL logfile created on: 2011-05-19 8:56:50 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\The Mother\Desktop\CPT CLEANUP 5_11
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

510.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 37.14 Gb Free Space | 49.87% Space Free | Partition Type: NTFS

Computer Name: SPRINGER | User Name: The Mother | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\The Mother\Desktop\CPT CLEANUP 5_11\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
PRC - C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe (COLLABERA)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\UMStor\Res.exe (ali)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\The Mother\Desktop\CPT CLEANUP 5_11\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (MXOFX) USB Storage Adapter FX (MXO) -- C:\WINDOWS\SYSTEM32\DRIVERS\MXOFX.SYS (Cypress Semiconductor)
DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys (Creative Technology Ltd.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...onType=&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.2
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://slirsredirect...onType=&query="


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-11 19:12:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-05-11 19:12:42 | 000,000,000 | ---D | M]

[2009-04-27 22:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Mother\Application Data\Mozilla\Extensions
[2011-05-13 07:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Mother\Application Data\Mozilla\Firefox\Profiles\a1vmbzow.default\extensions
[2010-05-29 08:35:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\The Mother\Application Data\Mozilla\Firefox\Profiles\a1vmbzow.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-04-29 15:03:13 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Documents and Settings\The Mother\Application Data\Mozilla\Firefox\Profiles\a1vmbzow.default\extensions\smartbookmarksbar@remy.juteau
[2009-10-15 22:42:45 | 000,004,196 | ---- | M] () -- C:\Documents and Settings\The Mother\Application Data\Mozilla\Firefox\Profiles\a1vmbzow.default\searchplugins\aim-search.xml
[2009-05-08 09:10:07 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\The Mother\Application Data\Mozilla\Firefox\Profiles\a1vmbzow.default\searchplugins\aol-search.xml
[2011-05-11 18:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-15 23:14:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-09-03 21:23:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-20 21:33:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2010-01-31 11:45:24 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\THE MOTHER\APPLICATION DATA\MOVE NETWORKS
() (No name found) -- C:\DOCUMENTS AND SETTINGS\THE MOTHER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A1VMBZOW.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
[2009-04-25 10:13:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-05-11 19:12:23 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-05-11 19:12:27 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011-05-19 08:00:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.exe (ali)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [ihanotify] C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe (COLLABERA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries00000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1298430238578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: ChatSpace Java Client 2.1.0.90 http://64.85.17.21/Java/cs4ms090.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email.secures...et/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\The Mother\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Mother\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-05-18 21:15:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-05-18 21:15:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-05-18 21:15:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-05-18 21:15:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-05-18 21:14:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-05-17 18:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Mother\Desktop\CPT CLEANUP 5_11
[2011-05-17 18:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Mother\My Documents\CPT CLEAN UP 5_11
[2011-05-16 11:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Mother\My Documents\forprint
[2011-05-16 10:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Mother\Desktop\sara
[2011-05-13 07:59:26 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2006-08-25 21:14:20 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\Documents and Settings\The Mother\My Documents\*.tmp files -> C:\Documents and Settings\The Mother\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\The Mother\Desktop\*.tmp files -> C:\Documents and Settings\The Mother\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-05-19 08:14:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011-05-19 08:04:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-05-19 08:00:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011-05-19 08:00:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-05-19 08:00:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011-05-19 08:00:07 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2011-05-18 20:43:56 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for The Mother.job
[2011-05-13 07:59:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011-04-28 07:35:03 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\The Mother\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Documents and Settings\The Mother\My Documents\*.tmp files -> C:\Documents and Settings\The Mother\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\The Mother\Desktop\*.tmp files -> C:\Documents and Settings\The Mother\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-05-18 21:15:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-05-18 21:15:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-05-18 21:15:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-05-18 21:15:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-05-18 21:15:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-05-11 19:12:53 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011-02-21 16:58:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\5359e37c
[2011-02-21 16:58:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\51a1e364
[2011-02-21 16:58:02 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\419198ec
[2011-02-21 16:58:02 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\3d8f070c
[2011-02-21 16:57:35 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\16857d60
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ff996688
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f4917ebc
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f3e700e8
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e77f83d0
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\de2eed68
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d6e1cef4
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d697dd28
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d5dc1170
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d0b957c0
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ce9e1fc8
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ce4dd87c
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\cbd6f5fc
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\cb87aa9c
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\c8f950d8
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\c8b2c1cc
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\bfcb9e0c
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\b498979c
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\69a5e10
[2011-02-21 16:57:12 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\521710
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\b45b5174
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\b40d91ec
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\b3992040
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\aa9bbe1c
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\a7898b5c
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\a73ab47c
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\a16c22ec
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9a45a85c
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\99e242b4
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9999de6c
[2011-02-21 16:57:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9234286c
[2011-02-21 16:57:05 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d6effe00
[2011-02-21 16:57:05 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\d2c4fae4
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f38f6080
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f3427914
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f2da8fd4
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f29a1124
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f242ec74
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\f1005afc
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\eff672bc
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ef8e17f0
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ea679370
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\ea2709e8
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e808e81c
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e7c467b8
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e69e398c
[2011-02-21 16:56:59 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e65ab258
[2011-02-21 16:51:08 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\dad99ea0
[2011-02-21 16:51:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e0644a8
[2011-02-21 16:51:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\dc59804
[2011-02-21 16:51:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\31e09468
[2011-02-21 16:51:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\2e52cf40
[2011-02-21 16:50:43 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e0ba6d0c
[2011-02-21 16:50:43 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\e07783cc
[2011-02-21 16:50:11 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\2077bdc8
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\a430a8c0
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\a3f05f84
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\a3aa78fc
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9da21ea0
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9d5dff48
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9d204b9c
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9cdc4cec
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9c9f841c
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9c595df4
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9c0a098c
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9bc5cb68
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9b88c534
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9b449394
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9b07add8
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9ac1fa68
[2011-02-21 16:49:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\The Mother\Application Data\9a853854
[2011-02-15 23:32:33 | 000,174,432 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
[2011-02-15 23:32:33 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
[2010-11-18 21:55:35 | 000,174,281 | ---- | C] () -- C:\WINDOWS\hpoins43.dat.temp
[2010-11-18 21:55:35 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat.temp
[2010-10-12 18:12:24 | 000,000,054 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2010-10-03 17:39:28 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010-09-22 22:25:26 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-08-15 14:31:24 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009-04-29 22:05:12 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009-02-16 22:26:21 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\The Mother\Local Settings\Application Data\fusioncache.dat
[2009-01-23 16:17:35 | 000,000,082 | ---- | C] () -- C:\WINDOWS\CServe.ini
[2009-01-23 16:16:58 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2008-11-13 15:36:55 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008-06-13 09:28:41 | 000,000,000 | ---- | C] () -- C:\Program Files\uninstall.dat
[2008-05-16 17:31:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008-02-04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008-02-02 17:04:45 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008-01-27 10:03:17 | 000,056,887 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007-07-17 09:51:37 | 000,000,603 | ---- | C] () -- C:\WINDOWS\FNTNSTLR.INI
[2006-11-16 09:06:35 | 000,001,407 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006-08-25 21:14:19 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2006-08-25 21:14:17 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004-12-12 16:15:48 | 000,000,181 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004-10-01 18:21:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-07-28 11:48:16 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004-07-28 11:48:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004-03-16 22:32:56 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004-03-15 22:27:35 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2004-03-08 12:09:11 | 000,222,208 | ---- | C] () -- C:\Documents and Settings\The Mother\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004-02-29 12:12:47 | 000,000,097 | ---- | C] () -- C:\WINDOWS\thousand.ini
[2004-02-22 12:33:43 | 000,000,793 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004-02-21 22:15:34 | 000,000,832 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004-01-12 21:45:04 | 000,003,452 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003-12-29 23:40:21 | 002,319,328 | ---- | C] () -- C:\Program Files\wzbeta90.exe
[2003-12-19 09:55:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2003-12-17 00:33:45 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003-12-12 20:38:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003-12-12 20:30:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003-12-12 20:26:33 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2003-12-12 20:23:49 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003-12-12 20:23:42 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2003-12-12 20:23:42 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003-12-12 20:23:29 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003-12-12 20:23:29 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003-12-12 20:23:28 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003-12-12 20:23:00 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003-12-12 20:22:14 | 000,000,411 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003-12-12 20:18:37 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003-12-12 20:05:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2003-12-12 20:02:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003-12-12 20:02:46 | 000,463,628 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2003-12-12 20:02:46 | 000,080,654 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2003-12-12 20:02:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003-12-12 19:49:18 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003-08-14 00:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003-01-07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-09-03 11:05:08 | 000,414,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002-09-03 10:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002-09-03 10:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002-09-03 10:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002-09-03 10:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002-08-29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002-08-29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002-08-29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002-08-29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002-08-29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002-08-29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002-08-29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1980-01-01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011-04-11 18:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Driver Pro
[2007-01-20 12:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006-07-22 21:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2004-07-11 17:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2010-03-28 13:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2004-04-14 12:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2011-04-11 18:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2010-10-12 18:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010-10-12 18:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2010-10-21 12:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-10-30 16:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-10-04 16:14:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2005-04-20 19:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Aim
[2009-04-29 21:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Blackberry Desktop
[2010-12-10 14:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010-05-30 10:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Facebook
[2011-02-21 16:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Jfuse
[2003-12-16 23:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Leadertech
[2009-12-27 19:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Moyea
[2011-03-30 07:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\PeaZip
[2006-07-22 12:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Registry Booster
[2009-04-29 22:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Research In Motion
[2007-03-15 12:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\Snapfish
[2011-02-11 11:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\TechWizard
[2005-02-15 11:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Mother\Application Data\WeatherBug
[2011-05-19 08:14:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2003-12-18 00:45:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========



< End of report >

#9 djs

Posted 19 May 2011 - 10:40 PM

For some reason my Norton just popped up and said I had 16 potential threats. Should this be of concern?

#10 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 8186 posts

Posted 19 May 2011 - 11:59 PM

For some reason my Norton just popped up and said I had 16 potential threats. Should this be of concern?

It would be nice to know what Norton finds. Is a log available that you can post or can you make a screen-shot (PrintScreen) and attach to your post?

#11 djs

Posted 20 May 2011 - 02:36 AM

All of the issues Norton is picking up are "low threat" tracking cookies. I cannot get it to cut and paste, nor will it allow me to make a screen shot. Should I be doing anything else at this point to get my computer healthy? Thanks again for your assistance.

#12 CeciliaB

Posted 20 May 2011 - 11:34 AM

Cookies are never dangerous for the computer so they are not important during a cleaning procedure.
http://en.wikipedia....iki/HTTP_cookie

I cannot see any malicious files in the logs. Do you believe that the computer is back to normal?
In that case it is time for the final clean-up.

#13 djs

Posted 20 May 2011 - 12:30 PM

The computer seems to be running well. I appreciate all of your assistance.

#14 CeciliaB

Posted 20 May 2011 - 12:42 PM

You are welcome. :)

First it would be nice if you can pack (zip) the folder C:\Qoobox. Do you know how to do that? Do you have a zip program?
That folder contains the malicious files that ComboFix removed and it would be nice to give those files to Lavasoft so they can improve Ad-Aware.

#15 djs

Posted 20 May 2011 - 12:49 PM

I have a program called peazip but when I go to zip the C:\Qoobox file it gives me an error message. I would be happy to do this step with some assistance. Thanks!

#16 CeciliaB

Posted 20 May 2011 - 03:04 PM

Then I suggest you install 7-zip instead.
http://www.7-zip.org/ Select to download the file with "Type" ".exe", and then install the program.

When the installation is finished you can right-click the folder Qoobox and select "7-zip" followed by "Add to Qoobox.zip". (I have a Swedish 7-zip, so the words might be slightly different.) Qoobox.zip should be created in C:\. Upload Qoobox.zip to http://sprend.com/ You don't need to enter any e-mail address or message. When the uploading is finished you will get a link to the file. You send me this link in a PM (personal message) here in the forum. You have to do it in this rather complicated way, since everyone shouldn't be able to download malicious files.

#17 djs

Posted 20 May 2011 - 06:06 PM

I just sent you the private message containing the link created by Sprend.com. Let me know if I did your steps correctly and received it. Thanks!

#18 CeciliaB

Posted 20 May 2011 - 07:52 PM

Thanks for the file :) I will send the malicious files in it to Lavasoft.

Time for final clean-up.

1. Removal of all system restore points since they might be infected.
XP:
Create a new system restore point:
Start - Programs - Accessories - System Tools - System Restore
Choose Create a Restore Point and then click Next. Give the R.P. a name, then click Create.

Remove all old restore points by running Disk Cleanup.
Start - Run and type: Cleanmgr
Click Ok. Disk Cleanup will scan your files for several minutes, then open.
Select the More Options tab, and then click the Clean up button under System Restore.
Click Ok and then Yes twice.

Vista and Windows 7:
Create a new system restore point by following http://www.howtogeek...system-restore/
Remove all old restore points by following http://bertk.mvps.or...skcleanupv.html (Vista) or http://www.sevenforu...p-open-use.html (Windows 7).

2. Removal of tools
a. Press Windows-key + R
Copy and paste this line:
ComboFix /Uninstall

Note the space before /
Click on OK.

b. Close all programs.
Start OTL program.
Click the CleanUp! button.
Select Yes when asked "Begin cleanup process".
If you are asked to reboot, select Yes.
If any logs remain on the computer you can remove them.
Any tools left?

3. Improve the security in the computer
It is very important to keep Windows and all programs updated since old versions with security issues make it easy to infect the computer. To help you with that you can use the program Secunia Personal Software Inspector (PSI).

Read what Blade81 writes in the post http://www.lavasofts...s...st&p=124337 from the header "Make your Internet Explorer more secure" and downwards.

#19 djs

Posted 20 May 2011 - 10:20 PM

Cecilia B,

Thank you so much for all of your help. Your assistance has been wonderful. I understand this service is provided free of charge, but is there a place to make a donation?

My laptop is running slow and does some odd things while I'm on the web. Would you be willing to review the below logs and advise if you see anything out of the ordinary?



OTL logfile created on: 5/20/2011 5:12:08 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Richard\Desktop\Computer Maintenece
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.64 Gb Total Space | 8.89 Gb Free Space | 12.77% Space Free | Partition Type: NTFS

Computer Name: LABTOP | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Richard\Desktop\Computer Maintenece\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\phpdev5\Apache\Apache.exe ()
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\WINDOWS\system32\o2flash.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Richard\Desktop\Computer Maintenece\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Roxio Upnp Server 9) -- File not found
SRV - (Roxio UPnP Renderer 9) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (ACDaemon) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (dev5_ap1) -- C:\phpdev5\apache\Apache.exe ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
SRV - (O2Flash) -- C:\WINDOWS\system32\o2flash.exe ()


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (O2MDRDR) -- C:\WINDOWS\System32\DRIVERS\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\WINDOWS\System32\DRIVERS\o2sd.sys (O2Micro )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (AGR1310_51) -- C:\WINDOWS\system32\drivers\AGR1310_51.sys (Agere Systems)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (Ktp3) -- C:\WINDOWS\system32\drivers\Ktp3.sys (Elantech Devices Corp.)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.0
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:5.0
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/26 19:19:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/22 09:14:27 | 000,000,000 | ---D | M]

[2009/04/19 21:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions
[2011/05/04 12:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions
[2011/05/04 12:48:31 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2009/09/15 08:02:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/28 13:30:28 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/03/11 10:48:05 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/05/04 12:48:33 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\srmkk8ph.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/05/04 12:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/16 10:27:46 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
[2008/09/10 01:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/04/04 07:33:45 | 000,231,164 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8104 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F4D2E63-0377-4188-8B70-52934FA8A101} http://www.leadstolo...ivex/fafile.dll (First American File Control)
O16 - DPF: {4F4D2E63-0377-4188-8B70-52934FA8A201} http://www.leadstolo...vex/faprint.dll (First American Print Control)
O16 - DPF: {4F4D2E63-0377-4188-8B70-52934FA8A301} http://www.leadstolo...ivex/fagrid.dll (First American Grid Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1159818431983 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1159818421170 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email.secures...et/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\Cursors\lsass.exe) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 11:43:27 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{51b3cf53-ec11-11de-a856-0013d36ff7e5}\Shell\AutoRun\command - "" = G:\MI.exe
O33 - MountPoints2\{a6051972-19b5-11df-a89b-0013d36ff7e5}\Shell\AutoRun\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{a6051972-19b5-11df-a89b-0013d36ff7e5}\Shell\slacker\command - "" = slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 13:19:03 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/05/20 13:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/05/20 13:11:59 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\CPT CLEANUP MAY 2011.exe
[2011/05/08 10:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Desktop\sara
[2007/11/11 00:30:24 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Richard\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/20 17:07:08 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/20 13:27:06 | 000,024,262 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/05/20 13:26:35 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/20 13:24:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/20 13:19:09 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/05/20 13:12:15 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\CPT CLEANUP MAY 2011.exe
[2011/05/20 10:29:17 | 000,067,475 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\May-Mid_11 044.jpg
[2011/05/19 16:34:11 | 000,136,704 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 20:09:54 | 000,134,272 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/16 11:40:28 | 004,557,276 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\for print.rar
[2011/05/15 19:34:09 | 001,820,782 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\15-##nospam-Basketball-Shoes-Design-Collection-Multi-Color.psd
[2011/05/15 19:30:58 | 000,769,971 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\inside.psd
[2011/05/15 19:16:10 | 000,043,096 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\15-##nospam-Basketball-Shoes-Design-Collection-Multi-Color.jpg
[2011/05/09 09:25:13 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 21:35:08 | 000,338,814 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\new_castle.jpg
[2011/05/06 08:36:39 | 002,703,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/01 01:00:20 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2011/04/29 12:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2011/05/20 13:19:09 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/05/20 10:29:10 | 000,067,475 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\May-Mid_11 044.jpg
[2011/05/16 11:40:22 | 004,557,276 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\for print.rar
[2011/05/15 19:34:07 | 001,820,782 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\15-##nospam-Basketball-Shoes-Design-Collection-Multi-Color.psd
[2011/05/15 19:30:56 | 000,769,971 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\inside.psd
[2011/05/15 19:16:08 | 000,043,096 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\15-##nospam-Basketball-Shoes-Design-Collection-Multi-Color.jpg
[2011/05/06 21:33:21 | 000,338,814 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\new_castle.jpg
[2010/10/21 21:49:22 | 000,207,982 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
[2010/10/21 21:49:22 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
[2010/08/23 14:51:19 | 000,000,027 | ---- | C] () -- C:\WINDOWS\phpdev.ini
[2010/08/05 10:57:49 | 000,134,272 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/22 12:25:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/10/08 08:52:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/27 15:35:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/30 16:08:59 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/04/24 14:27:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Font Book
[2009/03/12 19:56:25 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\winscp.rnd
[2008/11/12 20:55:08 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\vso_ts_preview.xml
[2008/10/09 16:25:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/10/09 12:27:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/08/30 09:29:49 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/08/30 09:29:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\Galaxy Swirl
[2008/05/21 00:05:59 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/04/04 11:05:12 | 000,021,312 | ---- | C] () -- C:\WINDOWS\choice.exe
[2008/03/02 11:27:22 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2008/01/06 15:13:49 | 000,000,054 | ---- | C] () -- C:\WINDOWS\winpoint.ini
[2007/11/11 00:30:24 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\pcouffin.cat
[2007/11/11 00:30:24 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\pcouffin.inf
[2007/11/09 22:48:20 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2007/04/30 14:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10Q.INI
[2007/04/28 08:23:41 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/04/17 15:28:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/26 17:40:52 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/18 00:35:53 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\hndlt.ini
[2006/11/18 00:34:41 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\windll.ini
[2006/11/08 20:59:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/09 12:00:34 | 000,136,704 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/04 12:35:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/02 20:50:46 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/02 20:33:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/02 17:33:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll
[2006/10/02 17:33:07 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\RT2661.bin
[2006/10/02 17:33:07 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\RT2561s.bin
[2006/10/02 17:33:07 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\RT2561.bin
[2006/10/02 16:29:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/10/02 15:32:15 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2006/10/02 10:56:30 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\FASTWiz.html
[2006/09/30 15:26:44 | 000,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2006/09/29 20:10:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/07/18 14:31:20 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\fusioncache.dat
[2006/07/12 16:26:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/12 16:20:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/12 08:41:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/12 08:40:05 | 002,703,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/01/27 02:33:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\o2flash.exe
[2005/01/20 22:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2003/09/16 11:52:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/09/16 11:43:31 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/09/16 11:41:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,435,806 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,068,470 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2007/11/09 22:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/08/30 09:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/04/05 09:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jes-Soft
[2007/01/26 16:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/06/15 10:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2009/07/17 18:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/01/02 14:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/30 09:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/06/15 09:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/11 08:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/06/01 11:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/05 12:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/03/24 17:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\acccore
[2008/01/06 13:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Aim
[2011/03/22 09:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Amazon
[2010/03/08 10:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Azureus
[2009/05/17 11:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Blackberry Desktop
[2010/09/23 11:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\com.adobe.ExMan
[2010/11/16 17:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2007/07/18 17:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\CTS
[2009/03/12 19:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\FileZilla
[2010/05/09 13:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\foobar2000
[2007/03/12 16:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Investintech
[2007/06/24 10:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Leadertech
[2008/08/30 09:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Nikon
[2008/04/02 21:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\OfficeUpdate12
[2009/05/20 08:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Research In Motion
[2010/05/28 12:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Subversion
[2011/04/20 12:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\uTorrent
[2007/01/18 13:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Viewpoint
[2011/02/11 21:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Vso
[2011/05/20 17:07:08 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/09/15 03:26:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2011/05/01 01:00:20 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B835CF2D

< End of report >

#20 djs

Posted 20 May 2011 - 10:22 PM

BTW.....my laptop is not the computer we were working on prior....


OTL Extras logfile created on: 5/20/2011 5:12:08 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Richard\Desktop\Computer Maintenece
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.64 Gb Total Space | 8.89 Gb Free Space | 12.77% Space Free | Partition Type: NTFS

Computer Name: LABTOP | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3703:TCP" = 3703:TCP:*:Disabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Disabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Disabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Disabled:Adobe Version Cue CS4 Server
"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"3306:TCP" = 3306:TCP:*:Enabled:MySQL

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Richard\Local Settings\temp\7zS14D3\setup\hpznui01.exe" = C:\Documents and Settings\Richard\Local Settings\temp\7zS14D3\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Richard\Desktop\utorrent.exe" = C:\Documents and Settings\Richard\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Richard\Local Settings\temp\7zS14D3\setup\hpznui01.exe" = C:\Documents and Settings\Richard\Local Settings\temp\7zS14D3\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Disabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Disabled:Azureus


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 23
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.2
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{3EAB224E-12F7-4EBA-AC0A-A2B10FEEA0E4}" = MySQL Server 5.0
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{597AB407-CD06-860C-0A65-5AF693C0C961}" = Adobe Widget Browser
"{5CD4F991-BA3E-4EC4-A7A1-EFB61F4D7291}" = Setup
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{79F86C69-2B17-4368-9234-472A23639E16}" = Ad-Aware
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.8
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C35F0E-D09D-4177-BAEE-4D412D749A96}" = Point
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E896DA69-F993-440E-8515-EB197EFB284F}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8320 smartphone
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN Card
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Azureus Vuze" = Azureus Vuze
"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"D3EF3AED75646A3F17097FE6095D2DA7936A766A" = Windows Driver Package - Agere Systems (AGR1310_51) Net (07/20/2005 1.2.8.0)
"DivX Setup.divx.com" = DivX Setup
"DVDFab HD Decrypter_is1" = DVDFab HD Decrypter 3.2.1.0
"Fast AVI MPEG Joiner_is1" = Fast AVI MPEG Joiner 1.2.0812
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"IsoBuster_is1" = IsoBuster 2.2
"McAfee Security Scan" = McAfee Security Scan Plus
"MeridianLink Site Security Certificate" = MeridianLink Site Security Certificate
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.1.8
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/18/2011 12:33:10 PM | Computer Name = LABTOP | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



Error - 5/18/2011 12:33:10 PM | Computer Name = LABTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/18/2011 12:33:14 PM | Computer Name = LABTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/18/2011 12:33:14 PM | Computer Name = LABTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/19/2011 9:36:34 AM | Computer Name = LABTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/19/2011 9:36:34 AM | Computer Name = LABTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/20/2011 1:24:44 PM | Computer Name = LABTOP | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Syntax
error on line 128 of C:/Program Files/Apache Software Foundation/Apache2.2/conf/httpd.conf:
.

Error - 5/20/2011 1:24:44 PM | Computer Name = LABTOP | Source = Apache Service | ID = 3299
Description = The Apache service named Apache.exe reported the following error: >>>
[Fri May 20 13:24:44 2011] [warn] pid file c:/phpdev5/apache/logs/httpd.pid overwritten
-- Unclean shutdown of previous Apache run? <<< before the error.log file could
be opened. More information may be available in the error.log file. .

Error - 5/20/2011 1:24:53 PM | Computer Name = LABTOP | Source = MySQL | ID = 100
Description = listen() on TCP/IP failed with error 6 For more information, see Help
and Support Center at http://www.mysql.com.

Error - 5/20/2011 1:24:53 PM | Computer Name = LABTOP | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



[ System Events ]
Error - 5/20/2011 1:24:28 PM | Computer Name = LABTOP | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 5/20/2011 1:25:17 PM | Computer Name = LABTOP | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error 1 (0x1).

Error - 5/20/2011 1:25:42 PM | Computer Name = LABTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvport

Error - 5/20/2011 1:25:42 PM | Computer Name = LABTOP | Source = Service Control Manager | ID = 7034
Description = The MySQL service terminated unexpectedly. It has done this 1 time(s).

Error - 5/20/2011 1:26:34 PM | Computer Name = LABTOP | Source = HTTP | ID = 15005
Description = Unable to bind to the underlying transport for 0.0.0.0:10243. The
IP Listen-Only list may contain a reference to an interface which may not exist
on this machine. The data field contains the error number.

Error - 5/20/2011 1:26:34 PM | Computer Name = LABTOP | Source = WMPNetworkSvc | ID = 866321
Description = A media delivery engine with ID '0' was not initialized due to error
'0x80070005' when adding the URL 'http://+:10243/WMPNSSv3/3528899744/'. Restart
your computer, and then restart the WMPNetworkSvc service. If the problem persists,
reinstall Windows Media Player if possible.

Error - 5/20/2011 1:26:34 PM | Computer Name = LABTOP | Source = WMPNetworkSvc | ID = 866317
Description = A new media server was not initialized because the Windows Media Delivery
Engine did not initialize due to error '0x80070005'. Restart your computer, and
then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows
Media Player if possible.

Error - 5/20/2011 1:26:35 PM | Computer Name = LABTOP | Source = HTTP | ID = 15005
Description = Unable to bind to the underlying transport for 0.0.0.0:10243. The
IP Listen-Only list may contain a reference to an interface which may not exist
on this machine. The data field contains the error number.

Error - 5/20/2011 1:26:35 PM | Computer Name = LABTOP | Source = WMPNetworkSvc | ID = 866321
Description = A media delivery engine with ID '0' was not initialized due to error
'0x80070005' when adding the URL 'http://+:10243/WMPNSSv3/3528899744/'. Restart
your computer, and then restart the WMPNetworkSvc service. If the problem persists,
reinstall Windows Media Player if possible.

Error - 5/20/2011 1:26:35 PM | Computer Name = LABTOP | Source = WMPNetworkSvc | ID = 866317
Description = A new media server was not initialized because the Windows Media Delivery
Engine did not initialize due to error '0x80070005'. Restart your computer, and
then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows
Media Player if possible.


< End of report >



