OTListIt.Txt ------------
OTListIt logfile created on: 6/1/2009 1:45:49 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 72.17% Memory free
2.79 Gb Paging File | 2.38 Gb Available in Paging File | 85.55% Paging File free
Paging file location(s): C:\pagefile.sys 1024 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.68 Gb Total Space | 18.97 Gb Free Space | 28.03% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.77 Gb Free Space | 69.83% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-DDD76B06BE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== Processes (SafeList) ==========[/color]
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wltrysvc.exe ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Broadcom Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Desktop\OTListIt2.exe (OldTimer Tools)

[color=orange]========== Win32 Services (SafeList) ==========[/color]
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Stopped]) -- File not found
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (PrismXL [Auto | Running]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\wltrysvc.exe ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

[color=orange]========== Driver Services (SafeList) ==========[/color]
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (AnyDVD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (BVRPMPR5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ehdrv.sys (ESET)
DRV - (el575nd5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\el575nd5.sys ()
DRV - (ElbyCDFL [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO [System | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (epfwtdir [System | Running]) -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys (ESET)
DRV - (HSFHWATI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys (Marvell)

[color=orange]========== Standard Registry (SafeList) ==========[/color]

[color=orange]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6422
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6422
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-21-2065493071-2083308637-794740720-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2065493071-2083308637-794740720-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2065493071-2083308637-794740720-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2065493071-2083308637-794740720-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2065493071-2083308637-794740720-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2065493071-2083308637-794740720-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2065493071-2083308637-794740720-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2065493071-2083308637-794740720-1006\S-1-5-21-2065493071-2083308637-794740720-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=orange]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2007/07/12 22:44:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/04/26 23:46:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/23 23:26:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2009/05/26 20:25:46 | 00,000,000 | ---D | M]
[2008/03/26 15:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\mozilla\Firefox\Profiles\r5ylj8ul.default\extensions
[2008/03/26 15:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\mozilla\Firefox\Profiles\r5ylj8ul.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/03/26 15:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\mozilla\Firefox\Profiles\r5ylj8ul.default\extensions\staged-xpis

O1 HOSTS File: (709 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-18..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-2065493071-2083308637-794740720-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2065493071-2083308637-794740720-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab (Microsoft ProgressBar Control, version 5.0 (SP2))
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gateway.com/support/profiler/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab (SupportSoft External Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176930424421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/23 05:00:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{5dd06a7a-abdc-11db-b7d4-0014a596cd98}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/p) - File not found
O34 - HKLM BootExecute: (\??\C:) - C: [2009/06/01 01:44:36 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/01 01:44:36 | 00,000,000 | ---D | M]

[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]
[2009/06/01 01:44:36 | 03,127,777 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Desktop\ComboFix.exe
[2009/06/01 01:44:20 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Desktop\Rooter.exe
[2009/06/01 01:41:59 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Desktop\OTListIt2.exe
[2009/06/01 01:31:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/01 01:31:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/01 01:26:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/06/01 01:24:13 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Desktop\TFC.exe
[2009/06/01 00:35:47 | 20,785,93024 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/31 23:46:27 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/26 20:25:45 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/05/26 20:23:45 | 36,032,512 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\My Documents\eav_nt32_enu.msi
[2009/05/23 15:11:46 | 00,078,848 | ---- | C] (?????????? ??????????) -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\upd.exe.exe
[2009/05/14 15:49:32 | 00,094,360 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2009/05/14 15:47:14 | 00,107,256 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2009/05/14 15:41:10 | 00,114,472 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2009/05/09 16:03:37 | 00,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2008/03/31 17:25:46 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/03/21 16:30:08 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 16:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 16:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/21 16:28:20 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/08/25 20:03:29 | 00,004,184 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/07 19:20:37 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/23 09:26:54 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/06/23 09:09:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/23 07:14:52 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/23 03:13:49 | 00,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/23 03:13:49 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/11/23 03:12:54 | 00,000,516 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/11/23 03:12:52 | 00,000,282 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/11/23 03:12:46 | 00,001,744 | ---- | C] () -- C:\WINDOWS\System32\sound.drv
[2005/11/23 03:12:43 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2005/11/23 03:12:13 | 00,010,544 | ---- | C] () -- C:\WINDOWS\System32\comm.drv
[2005/11/22 20:52:08 | 00,069,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\el575ND5.sys
[2005/08/06 01:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 12:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

[color=orange]========== Files - Modified Within 30 Days ==========[/color]
[2009/06/01 01:27:21 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/01 01:26:57 | 00,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2009/06/01 01:26:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/01 01:26:49 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Local Settings\desktop.ini
[2009/06/01 01:26:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/01 01:26:41 | 20,785,93024 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/01 01:19:35 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Desktop\OTListIt2.exe
[2009/06/01 01:18:44 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Desktop\Rooter.exe
[2009/06/01 01:11:25 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Desktop\TFC.exe
[2009/06/01 00:42:17 | 00,000,516 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/06/01 00:42:17 | 00,000,282 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/01 00:42:17 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/05/31 23:35:47 | 03,127,777 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Desktop\ComboFix.exe
[2009/05/26 20:23:46 | 36,032,512 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\My Documents\eav_nt32_enu.msi
[2009/05/23 15:11:46 | 00,078,848 | ---- | M] (?????????? ??????????) -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\upd.exe.exe
[2009/05/14 15:49:32 | 00,094,360 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2009/05/14 15:47:14 | 00,107,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys
[2009/05/14 15:41:10 | 00,114,472 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[color=orange]========== LOP Check ==========[/color]
[2006/06/23 09:20:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2005/11/23 05:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2006/06/23 09:18:23 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2006/06/23 09:22:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2006/06/23 09:20:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
[2009/04/24 19:49:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2007/11/28 11:52:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/08/07 19:23:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/02/13 21:49:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/02/13 21:50:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2006/08/07 20:40:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/04/18 19:30:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2009/04/23 22:34:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/07/20 19:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/04/24 19:49:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LastSun Ltd
[2006/06/23 09:29:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2006/11/12 13:48:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2006/10/06 19:27:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2008/11/10 21:55:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/07/12 22:44:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2006/08/07 19:27:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/06/23 09:02:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2006/06/23 09:19:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2006/08/11 19:17:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2007/04/18 19:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/04/23 20:20:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/03/26 09:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/04/23 22:07:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2006/06/23 09:19:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/08/07 20:49:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/01/24 22:41:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/06/23 09:20:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2005/11/23 05:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2006/06/23 09:18:23 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2006/06/23 09:22:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2006/06/23 09:20:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
[2006/08/07 19:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2006/08/07 19:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2008/07/19 19:22:17 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/11/23 05:04:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2005/11/23 05:04:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/05/23 15:11:46 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data
[2008/12/21 18:53:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\Adobe
[2007/11/28 11:56:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\AdobeUM
[2007/04/19 20:21:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\CyberLink
[2009/03/08 20:05:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\DivX
[2006/09/16 19:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\Google
[2005/11/23 05:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\Identities
[2006/08/07 19:58:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\Macromedia
[2006/08/20 07:37:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\McAfee.com Personal Firewall
[2008/10/08 19:42:53 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\Microsoft
[2008/03/26 15:43:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\Mozilla
[2008/04/25 12:55:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\Real
[2006/06/23 09:22:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\SampleView
[2007/04/18 19:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\SlySoft
[2007/10/07 20:54:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\Sun
[2008/03/26 15:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\Talkback
[2007/04/18 16:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\WinRAR
[2006/06/23 09:20:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Application Data\You've Got Pictures Screensaver
[2009/04/28 23:01:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 15:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/06/01 01:26:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/06/01 01:26:57 | 00,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

[color=orange]========== Purity Check ==========[/color]

< End of report >

Extras.Txt ------
OTListIt Extras logfile created on: 6/1/2009 1:45:50 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Owner.YOUR-DDD76B06BE\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 72.17% Memory free
2.79 Gb Paging File | 2.38 Gb Available in Paging File | 85.55% Paging File free
Paging file location(s): C:\pagefile.sys 1024 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.68 Gb Total Space | 18.97 Gb Free Space | 28.03% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.77 Gb Free Space | 69.83% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-DDD76B06BE
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[color=orange]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

[color=orange]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
%windir%\system32\drivers\svchost.exe:*:Enabled:svchost File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon File not found
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed File not found
C:\Program Files\Common Files\AOL\1151068753\EE\AOLServiceHost.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary (Sun Microsystems, Inc.)
%windir%\system32\drivers\svchost.exe:*:Enabled:svchost File not found

[color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}" = ESET NOD32 Antivirus
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"360Share Pro" = 360Share Pro(remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_0300107B" = Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"gtw_logo" = gtw_logo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[color=orange]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 5/31/2009 10:28:44 PM | Computer Name = YOUR-DDD76B06BE | Source = .NET Runtime | ID = 0
Description =

Error - 5/31/2009 10:41:21 PM | Computer Name = YOUR-DDD76B06BE | Source = .NET Runtime | ID = 0
Description =

Error - 5/31/2009 11:07:06 PM | Computer Name = YOUR-DDD76B06BE | Source = .NET Runtime | ID = 0
Description =

Error - 5/31/2009 11:18:15 PM | Computer Name = YOUR-DDD76B06BE | Source = .NET Runtime | ID = 0
Description =

Error - 5/31/2009 11:31:26 PM | Computer Name = YOUR-DDD76B06BE | Source = .NET Runtime | ID = 0
Description =

Error - 6/1/2009 12:36:10 AM | Computer Name = YOUR-DDD76B06BE | Source = .NET Runtime | ID = 0
Description =

Error - 6/1/2009 12:43:39 AM | Computer Name = YOUR-DDD76B06BE | Source = .NET Runtime | ID = 0
Description =

Error - 6/1/2009 12:46:55 AM | Computer Name = YOUR-DDD76B06BE | Source = .NET Runtime | ID = 0
Description =

Error - 6/1/2009 1:27:16 AM | Computer Name = YOUR-DDD76B06BE | Source = .NET Runtime | ID = 0
Description =

Error - 6/1/2009 1:45:26 AM | Computer Name = YOUR-DDD76B06BE | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.15.8, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 5/31/2009 11:44:42 PM | Computer Name = YOUR-DDD76B06BE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/31/2009 11:45:25 PM | Computer Name = YOUR-DDD76B06BE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AmdK8 ehdrv ElbyCDIO Fips

Error - 6/1/2009 12:33:48 AM | Computer Name = YOUR-DDD76B06BE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 6/1/2009 12:34:54 AM | Computer Name = YOUR-DDD76B06BE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/1/2009 12:36:40 AM | Computer Name = YOUR-DDD76B06BE | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error - 6/1/2009 12:44:09 AM | Computer Name = YOUR-DDD76B06BE | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error - 6/1/2009 12:47:25 AM | Computer Name = YOUR-DDD76B06BE | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error - 6/1/2009 12:47:51 AM | Computer Name = YOUR-DDD76B06BE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
Error - 6/1/2009 1:27:46 AM | Computer Name = YOUR-DDD76B06BE | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error - 6/1/2009 1:32:12 AM | Computer Name = YOUR-DDD76B06BE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

< End of report >