mbam-log-2009-10-12 (22-33-51).txt
Scan type: Quick Scan
Objects scanned: 104961
Time elapsed: 22 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit (Hijack.Regedit) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
---------------
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/12 23:31
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF226A000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AAB000 Size: 8192 File Visible: No Signed: -
Status: -
Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7CAC000 Size: 2560 File Visible: No Signed: -
Status: -
Name: rootrepeal2.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal2.sys
Address: 0xEF6AA000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf73a3514
#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7392282
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7392474
#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf73a3d00
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf73a3fb8
#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf73a23fa
#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf73a4422
#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf73a37d8
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7391f32
==EOF==
---------------------
OTL logfile created on: 10/12/2009 11:35:55 PM - Run 1
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Bryan\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.36 Mb Total Physical Memory | 270.14 Mb Available Physical Memory | 26.40% Memory free
2.40 Gb Paging File | 1.46 Gb Available in Paging File | 60.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 39.49 Gb Free Space | 53.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: D7FC5581
Current User Name: Bryan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/10/12 23:34:17 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bryan\Desktop\OTL.exe
PRC - [2009/10/06 00:43:04 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2009/09/12 18:32:12 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/31 15:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/29 21:58:39 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Bryan\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/06 12:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/12/08 13:33:48 | 01,173,384 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/02/26 00:35:19 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/02/21 16:08:08 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/04/20 09:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2005/11/30 12:32:10 | 00,327,680 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
PRC - [2005/10/31 13:18:48 | 00,101,888 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\ESPNRunTime\DIGServices.exe
PRC - [2005/10/31 13:05:44 | 00,278,528 | ---- | M] (Walt Disney Internet Group) -- C:\Program Files\DIGStream\digstream.exe
PRC - [2005/06/23 20:27:36 | 00,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/06/23 20:27:28 | 01,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/06/23 20:27:18 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/06/02 10:21:46 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 10:21:40 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/06/02 10:21:38 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/03/04 00:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
PRC - [2004/12/06 21:45:14 | 00,696,425 | ---- | M] (Dell Inc) -- C:\WINDOWS\System32\WLTRAY.exe
PRC - [2004/12/06 21:45:14 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe
PRC - [2004/12/06 21:45:12 | 00,872,556 | ---- | M] (Dell Inc) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2004/12/04 04:32:34 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/12/03 22:00:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2004/11/04 20:36:46 | 00,425,984 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2004/09/13 17:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/13 16:49:00 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2004/08/19 15:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2004/04/26 09:04:14 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/04/01 19:05:48 | 00,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\System32\basfipm.exe
PRC - [2004/02/13 11:47:02 | 00,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2003/10/29 04:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/03/04 05:50:00 | 00,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Logi_MwX.Exe
PRC - [2003/02/25 01:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2003/02/25 01:50:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
========== Win32 Services (SafeList) ==========
SRV - [2009/10/06 00:38:14 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca463f14ae7c06 [Auto | Stopped])
SRV - [2009/10/05 23:51:12 | 00,194,032 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2009/07/31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/01/21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2009/01/07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/11/30 07:18:51 | 00,026,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe -- (spupdsvc [Disabled | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/10/13 08:35:12 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll -- (NWCWorkstation [Auto | Running])
SRV - [2006/04/20 09:34:26 | 01,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2006/03/30 10:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Disabled | Stopped])
SRV - [2005/06/23 20:27:30 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2005/06/23 20:27:28 | 01,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2005/06/23 20:27:18 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2005/06/02 10:21:46 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2005/06/02 10:21:46 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2005/06/02 10:21:40 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/03/30 22:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2005/03/04 00:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2004/12/06 21:45:14 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\wltrysvc.exe -- (wltrysvc [Auto | Running])
SRV - [2004/12/04 04:32:34 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2004/09/30 13:49:35 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2004/08/04 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/04/01 19:05:48 | 00,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\System32\basfipm.exe -- (BAsfIpM [Auto | Running])
SRV - [2004/02/13 11:47:02 | 00,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/02/25 01:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.jmu.edu/jmuweb/students/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....fr=ytff-twc&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {d84a846d-f7cb-4187-a408-b171020e8940}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.291
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - prefs.js..keyword.URL: "http://search.yahoo....fr=ytff-twc&p="
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 10:37:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/07 20:49:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/12 18:36:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/10 13:50:48 | 00,000,000 | ---D | M]
[2009/01/16 13:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Extensions
[2009/01/16 13:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/12 18:17:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions
[2009/09/09 10:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/07 03:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/29 22:50:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/31 02:46:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/04/07 09:48:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\{d84a846d-f7cb-4187-a408-b171020e8940}
[2009/01/20 14:24:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\[email protected]
[2009/08/17 21:30:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\[email protected]
[2009/09/26 22:15:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\jjzle15m.default\extensions\[email protected]
[2009/10/12 18:17:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/03/10 21:34:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/12 18:32:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/11 19:55:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/07 20:50:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/10/06 00:14:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/12 18:32:11 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/12 18:32:12 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/07/31 15:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/09/26 12:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/09/12 18:32:17 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/04/22 19:38:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/04/22 19:38:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/04/22 19:38:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/04/22 19:38:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/04/22 19:38:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/04/22 19:38:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/04/22 19:38:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/09/15 11:52:06 | 00,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2008/12/31 02:43:50 | 00,002,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AIM Search.xml
[2009/08/11 00:51:07 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/11 00:51:07 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/11 00:51:07 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/11 00:51:07 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/11 00:51:07 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/11 00:51:07 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/11 00:51:07 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (36 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {A57FF8CF-C9DB-407F-80C4-6F1AB3BCA484} - C:\WINDOWS\System32\byXNgfFv.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc)
O4 - HKLM..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe (Walt Disney Internet Group)
O4 - HKLM..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe (Walt Disney Internet Group)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Bryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Sticker] C:\Program Files\MoRUN.net\NotesPlusPlus\notespp.exe File not found
O4 - HKLM..\RunOnce: [NSSInstallation] C:\WINDOWS\System32\Adobe\Shockwave 11\nssstub.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe (Smith Micro Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O8 - Extra context menu item: &Viewpoint Search - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (Viewpoint Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .scm - C:\Temp\NPSC.DLL ()
O12 - Plugin for: .xav - C:\Temp\NPAVIAN.DLL ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: jmu.edu ([blackboard] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://prerelease.tr...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} http://gamingzone.ub...s/GSManager.cab (CoGSManager Class)
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} http://www.easports....py/iesnoopy.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....302/Coupons.cab (Reg Error: Key error.)
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} http://activex.micro...n7/dlhelper.cab (Download Helper Class)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalci....1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Reg Error: Key error.)
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} http://www.candystan...acheManager.CAB (CacheManager.CacheManagerCtrl)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06101001.cab (Reg Error: Key error.)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.del...ll/gtdownde.cab (Dell PC Checkup Installer Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/html - No CLSID value found
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (dmvkjl.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\cbXRLddc: DllName - cbXRLddc.dll - File not found
O20 - Winlogon\Notify\LMOUgnt: DllName - LMOUgnt.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6d2109e8-1979-11de-b24e-00123ff423b6}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (stera) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - C:\WINDOWS\System32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/10/05 23:50:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/10/06 00:24:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/05 22:47:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/10/06 01:21:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/05 17:46:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/10/06 01:21:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/06 00:25:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\Malwarebytes
[2009/10/06 01:21:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bryan\Application Data\PC Tools
[2009/10/06 01:21:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/09 23:36:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/10/12 22:07:46 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/06 00:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/12 21:32:43 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/10/05 22:38:06 | 00,000,000 | ---D | C] -- C:\Program Files\Snood 4
[2009/10/05 17:46:15 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/06 01:21:02 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/12 23:34:20 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bryan\Desktop\OTL.exe
[2009/10/12 23:31:19 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Bryan\Desktop\RootRepeal(2).exe
[2009/10/12 23:26:03 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Bryan\Desktop\RootRepeal.exe
[2009/10/12 22:07:15 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Bryan\Desktop\erunt_setup(3).exe
[2009/10/12 21:49:46 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Bryan\Desktop\erunt_setup(2).exe
[2009/10/12 21:45:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/12 21:41:19 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Bryan\Desktop\erunt_setup.exe
[2009/10/12 21:38:31 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Bryan\Desktop\SysRestorePoint.exe
[2009/10/12 21:08:12 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bryan\Desktop\TFC.exe
[2009/10/12 15:27:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/10/06 01:24:30 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/10/06 01:22:59 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/06 01:22:58 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/06 01:21:51 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/10/06 00:32:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS
[2009/10/06 00:24:34 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/06 00:24:26 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/06 00:21:59 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bryan\Desktop\mbam-setup.exe
[2009/10/05 17:41:23 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Bryan\Desktop\spybotsd162.exe
========== Files - Modified Within 14 Days ==========
[43 C:\Documents and Settings\Bryan\My Documents\*.tmp files]
[2009/10/12 23:34:17 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bryan\Desktop\OTL.exe
[2009/10/12 23:31:16 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Bryan\Desktop\RootRepeal(2).exe
[2009/10/12 23:26:01 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Bryan\Desktop\RootRepeal.exe
[2009/10/12 23:20:51 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\NSSstub.job
[2009/10/12 23:19:53 | 00,000,955 | ---- | M] () -- C:\Documents and Settings\Bryan\Start Menu\Programs\Startup\V CAST Music Monitor.lnk
[2009/10/12 23:15:18 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/12 23:13:37 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/12 23:11:12 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/12 23:11:06 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/12 23:10:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/12 23:09:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/12 23:09:26 | 10,731,43808 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/12 23:03:02 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-352244921-838533454-3301132321-1005UA.job
[2009/10/12 22:49:10 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/12 22:07:50 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\NTREGOPT.lnk
[2009/10/12 22:07:49 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\ERUNT.lnk
[2009/10/12 22:07:15 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Bryan\Desktop\erunt_setup(3).exe
[2009/10/12 22:03:04 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-352244921-838533454-3301132321-1005Core.job
[2009/10/12 21:49:49 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Bryan\Desktop\erunt_setup(2).exe
[2009/10/12 21:41:20 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Bryan\Desktop\erunt_setup.exe
[2009/10/12 21:38:28 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Bryan\Desktop\SysRestorePoint.exe
[2009/10/12 21:08:10 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bryan\Desktop\TFC.exe
[2009/10/10 14:24:05 | 00,001,550 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/10/10 14:15:14 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/10 02:13:14 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\beezy.doc
[2009/10/10 01:41:22 | 00,015,872 | ---- | M] () -- C:\Documents and Settings\Bryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/09 22:45:24 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\football.doc
[2009/10/09 22:45:17 | 00,069,120 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\Expert picks.doc
[2009/10/09 03:13:05 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\BryanWatkins_USIP_ProgramAssistant.doc
[2009/10/08 21:51:15 | 00,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2009/10/08 21:51:15 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Mail.lnk
[2009/10/08 21:51:15 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2009/10/08 21:39:41 | 00,716,857 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\3.0_FSO_RegGuide.pdf
[2009/10/08 19:55:34 | 00,004,674 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\Attach.zip
[2009/10/08 19:55:17 | 00,000,956 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\ark.zip
[2009/10/08 17:16:10 | 00,282,312 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\gmer.zip
[2009/10/08 16:34:20 | 00,361,369 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\dds.scr
[2009/10/07 22:51:45 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/10/06 00:24:45 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/06 00:22:12 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bryan\Desktop\mbam-setup.exe
[2009/10/05 23:50:55 | 01,246,288 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\Google Updater(2).exe
[2009/10/05 23:48:35 | 01,246,288 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\Google Updater.exe
[2009/10/05 23:37:06 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\NSSstub.lnk
[2009/10/05 17:46:54 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\Spybot - Search & Destroy.lnk
[2009/10/05 17:43:19 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Bryan\Desktop\spybotsd162.exe
[2009/10/05 12:49:11 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Bryan\My Documents\~$yanWatkins_Finnegan_LitigationPosition.doc
[2009/10/05 12:14:16 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Bryan\My Documents\~$rprogassoc.doc
[2009/10/04 02:00:29 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\cfrprogassoc.doc
[2009/10/04 02:00:01 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\cfrcap.doc
[2009/10/03 01:58:44 | 00,031,592 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\fd0503g.pdf
[2009/10/01 02:36:15 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\BryanWatkins_Finnegan_LitigationPosition.doc
[2009/10/01 02:35:02 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Bryan\My Documents\BryanWatkins_Finnegan_Litigation.doc
========== Files - No Company Name ==========
[2009/10/12 22:07:49 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\ERUNT.lnk
[2009/10/12 21:45:57 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\NTREGOPT.lnk
[2009/10/10 02:09:44 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Bryan\My Documents\beezy.doc
[2009/10/09 03:10:27 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\Bryan\My Documents\BryanWatkins_USIP_ProgramAssistant.doc
[2009/10/08 21:51:15 | 00,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2009/10/08 21:51:15 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Mail.lnk
[2009/10/08 21:51:15 | 00,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2009/10/08 21:39:38 | 00,716,857 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\3.0_FSO_RegGuide.pdf
[2009/10/08 19:55:17 | 00,000,956 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\ark.zip
[2009/10/08 19:54:22 | 00,004,674 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\Attach.zip
[2009/10/08 17:16:18 | 00,282,312 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\gmer.zip
[2009/10/08 16:34:28 | 00,361,369 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\dds.scr
[2009/10/07 22:51:45 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/10/06 01:14:52 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/06 00:44:00 | 00,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/06 00:43:55 | 00,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/06 00:24:45 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/05 23:51:34 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/05 23:50:42 | 01,246,288 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\Google Updater(2).exe
[2009/10/05 23:48:34 | 01,246,288 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\Google Updater.exe
[2009/10/05 23:37:05 | 00,001,728 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\NSSstub.lnk
[2009/10/05 20:37:43 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\NSSstub.job
[2009/10/05 17:46:54 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\Spybot - Search & Destroy.lnk
[2009/10/05 12:49:11 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Bryan\My Documents\~$yanWatkins_Finnegan_LitigationPosition.doc
[2009/10/05 12:14:16 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Bryan\My Documents\~$rprogassoc.doc
[2009/10/04 02:00:28 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Bryan\My Documents\cfrprogassoc.doc
[2009/10/04 02:00:00 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Bryan\My Documents\cfrcap.doc
[2009/10/03 01:58:44 | 00,031,592 | ---- | C] () -- C:\Documents and Settings\Bryan\Desktop\fd0503g.pdf
[2009/10/02 21:07:40 | 00,069,120 | ---- | C] () -- C:\Documents and Settings\Bryan\My Documents\Expert picks.doc
[2009/10/01 02:35:28 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Bryan\My Documents\BryanWatkins_Finnegan_LitigationPosition.doc
[2009/10/01 02:25:37 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Bryan\My Documents\BryanWatkins_Finnegan_Litigation.doc
[2009/02/15 19:38:08 | 00,034,126 | -HS- | C] () -- C:\WINDOWS\System32\dKRtDcdd.ini
[2008/01/11 17:24:57 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/04/09 21:08:12 | 00,000,080 | RHS- | C] () -- C:\WINDOWS\System32\F3E9D91619.dll
[2007/03/26 14:58:57 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/03/10 21:29:25 | 04,715,738 | -H-- | C] () -- C:\Documents and Settings\Bryan\Local Settings\Application Data\IconCache.db
[2007/03/10 21:08:32 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2007/01/30 17:13:45 | 00,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/01/30 17:12:40 | 00,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/08/03 19:59:16 | 00,000,061 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2006/05/21 17:55:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RingtoneMaker.INI
[2006/05/21 17:29:46 | 00,002,607 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/05/07 03:09:24 | 00,015,872 | ---- | C] () -- C:\Documents and Settings\Bryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/16 21:10:22 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/03/07 03:31:11 | 00,003,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/05 19:55:11 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Bryan\Local Settings\Application Data\fusioncache.dat
[2005/09/06 13:25:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/31 04:39:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/08/31 03:57:12 | 00,000,419 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2005/08/25 04:49:10 | 00,002,866 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/08/24 17:39:24 | 00,037,624 | ---- | C] () -- C:\Documents and Settings\Bryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/08/24 17:36:34 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Bryan\Application Data\desktop.ini
[2005/08/14 22:13:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/14 22:11:58 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/14 22:09:39 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/08/14 21:53:08 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/08/14 21:52:32 | 00,000,371 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:57:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 00,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/11 18:00:37 | 00,000,731 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 18:00:35 | 00,000,250 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2009/10/06 01:21:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/22 19:46:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/09/09 14:58:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/10/12 23:18:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2005/12/29 15:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESPN
[2009/10/05 22:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2004/08/11 18:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/10/12 23:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/11/08 00:18:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2007/01/29 03:03:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/01/10 17:05:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/10/06 01:21:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Bryan\Application Data
[2005/08/24 18:14:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Aim
[2007/09/09 15:10:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Azureus
[2006/11/25 12:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Cimaware
[2005/10/21 18:01:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\CyberLink
[2006/03/23 01:11:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\funkitron
[2007/05/15 11:18:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\HouseCall 6.6
[2006/11/01 14:01:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Image Zone Express
[2005/08/24 17:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Leadertech
[2006/05/21 17:44:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\MAGIX
[2006/06/26 14:31:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Microgaming
[2009/08/18 19:50:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Bryan\Application Data\Move Networks
[2009/02/25 12:24:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\QuosaDDM
[2006/08/25 19:45:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Smith Micro
[2008/01/26 15:34:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Snapfish
[2009/02/15 22:10:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\SuperAdBlocker.com
[2008/04/18 10:39:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\U3
[2007/01/31 02:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Viewpoint
[2007/05/15 11:27:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\WinPatrol
[2008/04/13 13:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\ZoomBrowser EX
[2009/06/26 17:28:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/12 23:11:12 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/12 23:11:06 | 00,000,880 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/12 22:49:10 | 00,000,884 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/10/12 22:03:04 | 00,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-352244921-838533454-3301132321-1005Core.job
[2009/10/12 23:03:02 | 00,000,978 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-352244921-838533454-3301132321-1005UA.job
[2009/10/12 23:15:18 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/12 23:20:51 | 00,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job
[2009/10/12 23:10:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
< %systemroot%\system32\eventlog.dll >
[2004/08/04 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >
[2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
========== Alternate Data Streams ==========
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
-----------------------
OTL Extras logfile created on: 10/12/2009 11:35:55 PM - Run 1
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Bryan\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.36 Mb Total Physical Memory | 270.14 Mb Available Physical Memory | 26.40% Memory free
2.40 Gb Paging File | 1.46 Gb Available in Paging File | 60.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 39.49 Gb Free Space | 53.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: D7FC5581
Current User Name: Bryan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"2967:UDP" = 2967:UDP:*:Enabled:RTVScan
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2967:UDP" = 2967:UDP:*:Enabled:RTVScan
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" = C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking -- File not found
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\ubi.com\Core\GS4.exe" = C:\Program Files\ubi.com\Core\GS4.exe:*:Enabled:ubi.com Game Service -- File not found
"C:\Program Files\Red Storm Entertainment\RavenShield\system\ravenshield.exe" = C:\Program Files\Red Storm Entertainment\RavenShield\system\ravenshield.exe:*:Enabled:ravenshield -- File not found
"C:\Program Files\Speed\Speed.exe" = C:\Program Files\Speed\Speed.exe:*:Enabled:Speed -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\MoRUN.net\NotesPlusPlus\notespp.exe" = C:\Program Files\MoRUN.net\NotesPlusPlus\notespp.exe:*:Enabled:notespp -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare -- File not found
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Disabled:BitLord -- File not found
"C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Disabled:Kazaa -- File not found
"C:\Program Files\K-litePro\k-litepro.exe" = C:\Program Files\K-litePro\k-litepro.exe:*:Disabled:K-litePro Ultimate File Sharing -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Documents and Settings\Bryan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Bryan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 16
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3248E093-5288-4CA9-B3AB-11A675FEA1F9}" = Symantec AntiVirus
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3A05B900-A3E7-11DE-A9B7-005056806466}" = Google Earth
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43622C01-15D3-4E62-9AD9-BD7C007FD452}" = SPSS 12.0 for Windows Student Version
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.76
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{5F82271E-DFBE-405B-9C10-1B4E66C6E12E}" = iPod 2 iPod
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8F7A4D82-B168-4F89-99C2-B9873EC877AF}" = HP Image Zone Express
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"ESPN RunTime" = ESPN RunTime
"Google Updater" = Google Updater
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"Lexmark Z600 Series" = Lexmark Z600 Series
"LG USB Drivers" = LG USB Drivers
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Logitech Resource Center" = Logitech Resource Center
"Lotus Media Plugin Player" = Lotus Media Plugin Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Move Networks Player_is1" = Move Networks Player for Internet Explorer
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 6.0
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"ViewpointSearchBar" = Viewpoint Toolbar (Remove Only)
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/12/2009 3:45:04 PM | Computer Name = D7FC5581 | Source = Symantec AntiVirus | ID = 16711725
Description = Threat: C:\Program Files\Windows Defender\MsMpEng.exe in File: C:\Program
Files\Common Files\Symantec Shared\ccApp.exe by: Tamper Protection scan. Action:
Blocked. Action Description:
Error - 10/12/2009 3:45:04 PM | Computer Name = D7FC5581 | Source = Symantec AntiVirus | ID = 16711725
Description = Threat: C:\Program Files\Windows Defender\MsMpEng.exe in File: C:\PROGRA~1\SYMANT~1\VPTray.exe
by: Tamper Protection scan. Action: Blocked. Action Description:
Error - 10/12/2009 3:45:12 PM | Computer Name = D7FC5581 | Source = Symantec AntiVirus | ID = 16711725
Description = Threat: C:\Program Files\Windows Defender\MsMpEng.exe in File: C:\Program
Files\Common Files\Symantec Shared\ccSetMgr.exe by: Tamper Protection scan. Action:
Blocked. Action Description:
Error - 10/12/2009 3:45:17 PM | Computer Name = D7FC5581 | Source = Symantec AntiVirus | ID = 16711725
Description = Threat: C:\Program Files\Windows Defender\MsMpEng.exe in File: C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe by: Tamper Protection scan. Action:
Blocked. Action Description:
Error - 10/12/2009 3:45:17 PM | Computer Name = D7FC5581 | Source = Symantec AntiVirus | ID = 16711725
Description = Threat: C:\Program Files\Windows Defender\MsMpEng.exe in File: C:\Program
Files\Symantec AntiVirus\DefWatch.exe by: Tamper Protection scan. Action: Blocked.
Action Description:
Error - 10/12/2009 3:45:23 PM | Computer Name = D7FC5581 | Source = Symantec AntiVirus | ID = 16711725
Description = Threat: C:\Program Files\Windows Defender\MsMpEng.exe in File: C:\Program
Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe by: Tamper Protection scan.
Action: Blocked. Action Description:
Error - 10/12/2009 3:45:23 PM | Computer Name = D7FC5581 | Source = Symantec AntiVirus | ID = 16711725
Description = Threat: C:\Program Files\Windows Defender\MsMpEng.exe in File: C:\Program
Files\Symantec AntiVirus\Rtvscan.exe by: Tamper Protection scan. Action: Blocked.
Action Description:
Error - 10/12/2009 9:39:10 PM | Computer Name = D7FC5581 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 sysrestorepoint.exe, P2 1.3.0.0, P3 485da791,
P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 5e, P8 1e1, P9 34ssps20bdj3nj0wmit5kamzhvglfzcc,
P10 NIL.
Error - 10/12/2009 9:54:52 PM | Computer Name = D7FC5581 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/12/2009 9:55:07 PM | Computer Name = D7FC5581 | Source = Application Hang | ID = 1001
Description = Fault bucket 452615105.
[ System Events ]
Error - 10/12/2009 9:09:28 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 10/12/2009 9:09:29 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus Definition Watcher service terminated unexpectedly.
It has done this 1 time(s).
Error - 10/12/2009 9:09:29 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The Cisco Systems, Inc. VPN Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 10/12/2009 9:09:30 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The Iap service terminated unexpectedly. It has done this 1 time(s).
Error - 10/12/2009 9:09:30 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 10/12/2009 9:09:31 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).
Error - 10/12/2009 9:09:31 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).
Error - 10/12/2009 9:09:31 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The PC Tools Auxiliary Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 10/12/2009 9:09:33 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 10/12/2009 9:09:40 PM | Computer Name = D7FC5581 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
< End of report >
I really appreciate the assistance and hope that with your help we can get to the bottom of this issue!
Thank You