Malwarebytes' Anti-Malware 1.40
Database version: 2688
Windows 5.1.2600 Service Pack 3

8/24/2009 10:58:53 AM
mbam-log-2009-08-24 (10-58-53).txt

Scan type: Quick Scan
Objects scanned: 113519
Time elapsed: 17 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------------------------------------------------------------

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/24 11:21
Program Version: Version 1.3.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAE770000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

OTL logfile created on: 8/24/2009 11:24:53 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator.JUSTIN.001\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 70.80% Memory free
2.11 Gb Paging File | 1.77 Gb Available in Paging File | 84.06% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary
data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 147.25 Gb Total Space | 120.91 Gb Free Space | 82.12% Space Free | Partition Type: NTFS Drive D: | 5.40 Gb Total Space | 0.67 Gb Free Space | 12.39% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JUSTIN Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe PRC - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe PRC - [2008/04/13 18:12:18 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2007/06/08 03:05:51 | 00,598,960 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdmcoms.exe PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2007/11/16 19:34:26 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) 
-- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe PRC - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe PRC - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe PRC - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe PRC - [2002/11/18 23:15:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2007/09/19 19:31:55 | 01,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe PRC - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe PRC - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2009/07/10 00:26:20 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [1998/05/07 18:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\windows\system\hpsysdrv.exe PRC - [2002/10/25 17:33:46 | 00,069,632 | ---- | M] (MyComp) -- C:\Program Files\USB Storage RW\shwicon.exe PRC - [2003/01/22 04:04:00 | 00,040,960 | ---- | M] (VM.) -- C:\WINDOWS\VM_STI.EXE PRC - [2007/07/06 10:53:08 | 00,455,344 | ---- | M] () -- C:\Program Files\Lexmark 5000 Series\lxdmmon.exe PRC - [2007/06/01 14:06:09 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 5000 Series\lxdmamon.exe PRC - File not found -- PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files\McAfee\VirusScan\mcsysmon.exe PRC - [2009/02/06 04:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2009/08/24 11:23:19 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JUSTIN.001\Desktop\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found -- -- (0037781250754110mcinstcleanup [Auto | Stopped]) SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running]) SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running]) SRV - [2008/04/13 18:12:18 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running]) SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2006/10/30 08:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.) 
-- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped]) SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2007/06/08 03:05:43 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdmserv.exe -- (lxdmCATSCustConnectService [Auto | Stopped]) SRV - [2007/06/08 03:05:51 | 00,598,960 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdmcoms.exe -- (lxdm_device [Auto | Running]) SRV - [2009/07/08 20:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped]) SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running]) SRV - [2007/11/16 19:34:26 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running]) SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running]) SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running]) SRV - [2009/07/08 15:15:04 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped]) SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running]) SRV - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running]) SRV - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running]) SRV - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running]) SRV - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running]) SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2002/11/18 23:15:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2002/08/29 06:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxsap.dll -- (NwSapAgent [Auto | Running]) SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2007/09/19 19:31:55 | 01,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running]) SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped]) SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped]) SRV - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running]) SRV - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/07/23 14:16:25 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/07 15:57:58 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/24 11:06:43 | 00,000,000 | ---D | M] O1 HOSTS File: (7109 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost #***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 2005-search.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 absolutepics.net # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla*** O1 - 
Hosts: 127.0.0.1 all-tgp.org # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 all-websearch.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 apps.deskwizz.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 awmdabest.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 b.casalemedia.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 besthardcore.net # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 bn.i-ru.net # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 bundleware.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 campaigns.interclick.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 code.jcash.biz # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 content.dollarrevenue.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 content.exetraffic.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 cumhereteens.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 dedmazai.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla*** O1 - Hosts: 127.0.0.1 faccesborrate.com # ***Inserted By STOPzilla*** O1 - Hosts: 80 more lines... O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll () O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found O2 - BHO: (Yahoo! 
IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found. O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.) 
O4 - HKLM..\Run: [AutoTBar] C:\hp\bin\autotbar.exe File not found O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (VM.) O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KYE_Showicon] File not found O4 - HKLM..\Run: [Lexmark 5000 Series Fax Server] C:\Program Files\Lexmark 5000 Series\fm3032.exe () O4 - HKLM..\Run: [lxdmamon] C:\Program Files\Lexmark 5000 Series\lxdmamon.exe () O4 - HKLM..\Run: [lxdmmon.exe] C:\Program Files\Lexmark 5000 Series\lxdmmon.exe () O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.) O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [systeminfors] C:\WINDOWS\System32\winer.exe () O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.) O4 - HKCU..\Run: [Acme.PCHButton] C:\Program Files\HP Instant Support\plugin\bin\PCHButton.exe (Motive Communications, Inc.) 
O4 - Startup: C:\Documents and Settings\Administrator.JUSTIN.001\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [ [binary data] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/05/28 22:28:31 | 00,000,000 | ---D | M] O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/05/28 22:28:31 | 00,000,000 | ---D | M] O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/05/28 22:28:31 | 00,000,000 | ---D | M] O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/05/28 22:28:31 | 00,000,000 | ---D | M] O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab (SysData Class) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5468A766-6749-4EC5-8F7A-5D47EE8FE646} http://www.x2game.com/Control/ConnectControl.Cab (ConnectControl Control) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} http://www.x2game.com/Control/AutoPatchOCX.cab 
(AutoPatchOCX Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2) O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} http://dl.sayclub.com/sayclub/sayctl/sayax.cab (session Class) O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab (Reg Error: Key error.) O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab (Yahoo! Photos Easy Upload Tool Class) O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_2_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} https://care.windstream.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab (SecurityManager Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DAAD8E43-FAC2-41DD-8F02-9D2BD626F4BB} http://chat.saram.net/avchat/AVChat_InstProj1.cab (AVChat_Inst Control) O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player) O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab (Yahoo! Toolbar) O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} https://care.windstream.com/lwp/static/installers/ALLTELControls.cab (ConnectivityTester Class) O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/bin/msnchat45.cab (MSN Chat Control 4.5) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O18 - Protocol\Filter: - text/xml - C:\Program Files\Common 
Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/30 21:58:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 04:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{263f49cb-e792-11dd-9e98-0010dcab6640}\Shell - "" = AutoRun
O33 - MountPoints2\{263f49cb-e792-11dd-9e98-0010dcab6640}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{263f49cb-e792-11dd-9e98-0010dcab6640}\Shell\AutoRun\command - "" = K:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - C:\WINDOWS\System32\ipxsap.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]
[2009/08/24 11:23:13 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JUSTIN.001\Desktop\OTL.exe
[2009/08/22 19:22:41 | 00,042,253 | ---- | C] () -- C:\Documents and Settings\Administrator.JUSTIN.001\Desktop\me.jpg
[2009/08/16 13:17:04 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/16 03:08:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/16 03:07:54 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/16 03:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/16 03:06:43 | 00,000,000 | ---D | C] -- C:\45b5f4261848e6465708605e2bb3
[2009/08/16 03:06:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/08/14 08:38:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JUSTIN.001\Desktop\Mobile pics
[2009/08/11 16:36:10 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Administrator.JUSTIN.001\My Documents\Colt Ballinger.doc

[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]
[2009/08/24 11:23:19 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JUSTIN.001\Desktop\OTL.exe
[2009/08/24 11:12:32 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/24 11:11:52 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/08/24 11:11:51 | 00,011,249 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/08/24 11:10:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/24 11:10:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/24 11:10:01 | 00,028,740 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-00541102}.rfx
[2009/08/24 11:10:01 | 00,028,740 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000004-00541102}.rfx
[2009/08/24 11:10:01 | 00,026,640 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-00541102}.rfx
[2009/08/24 11:10:01 | 00,026,640 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-00541102}.rfx
[2009/08/24 11:10:01 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/08/24 11:10:01 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/08/24 11:10:01 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-00541102}.dat
[2009/08/24 11:10:01 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000004-00541102}.dat
[2009/08/22 19:18:30 | 00,042,253 | ---- | M] () -- C:\Documents and Settings\Administrator.JUSTIN.001\Desktop\me.jpg
[2009/08/17 03:02:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/16 09:08:46 | 00,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/16 03:12:46 | 00,507,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/16 03:12:46 | 00,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/16 03:12:46 | 00,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/15 05:14:24 | 00,000,912 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/15 05:14:24 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/15 05:14:24 | 00,000,207 | -HS- | M] () -- C:\boot.ini
[2009/08/15 02:05:21 | 00,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/08/11 16:36:10 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Administrator.JUSTIN.001\My Documents\Colt Ballinger.doc

[color=#E56717]========== LOP Check ==========[/color]
[2009/07/29 12:58:08 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data
[2008/03/05 07:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\5000 Series
[2003/05/09 07:23:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\ArcSoft
[2003/05/20 18:31:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Corel
[2007/10/07 22:51:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Earthlink
[2006/07/31 17:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Firaxis Games
[2003/01/18 06:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\InterTrust
[2003/04/20 09:52:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\InterVideo
[2008/04/18 09:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Intuit
[2008/03/07 09:57:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Lexmark Productivity Studio
[2008/06/04 20:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\LimeWire
[2004/06/15 19:12:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Motive
[2009/05/27 17:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Move Networks
[2003/07/06 16:03:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\MSN6
[2006/07/31 17:25:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\My Games
[2006/08/29 17:44:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\PureEdge
[2003/01/18 06:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\SampleView
[2003/01/18 06:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Share-to-Web Upload Folder
[2006/08/14 08:02:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\STOPzilla!
[2004/02/04 03:31:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Ulead Systems
[2003/01/18 06:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\VERITAS
[2008/09/07 14:10:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Viewpoint
[2009/08/07 22:17:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/03/03 15:30:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5000 Series
[2007/05/17 01:16:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/07/22 01:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2005/02/26 04:06:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2008/04/18 09:11:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/04/01 10:38:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2003/12/27 11:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0207
[2003/05/02 01:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2007/04/14 18:38:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2003/01/18 06:24:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/08/14 14:55:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/07/28 21:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2004/04/29 20:00:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2002/08/29 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/15 02:05:21 | 00,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/08/01 01:15:21 | 00,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/08/24 11:10:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2005/10/31 09:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

[color=#A23BEC]< %systemroot%\system32\eventlog.dll >[/color]
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< %systemroot%\system32\scecli.dll >[/color]
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< %systemroot%\netlogon.dll >[/color]

[color=#A23BEC]< %systemroot%\system32\cngaudit.dll >[/color]

[color=#A23BEC]< %systemroot%\system32\sceclt.dll >[/color]

[color=#A23BEC]< %systemroot%\ntelogon.dll >[/color]

[color=#A23BEC]< %systemroot%\system32\logevent.dll >[/color]

[color=#A23BEC]< >[/color]
< End of report >

-----------------------------------------------------------------------------------------

OTL Extras logfile created on: 8/24/2009 11:24:53 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator.JUSTIN.001\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 70.80% Memory free
2.11 Gb Paging File | 1.77 Gb Available in Paging File | 84.06% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.25 Gb Total Space | 120.91 Gb Free Space | 82.12% Space Free | Partition Type: NTFS
Drive D: | 5.40 Gb Total Space | 0.67 Gb Free Space | 12.39% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JUSTIN
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support

[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare\BearShare.exe" = C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe" = C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Activision\Empires Dawn of the Modern World\Empires_DMW.exe" = C:\Program Files\Activision\Empires Dawn of the Modern World\Empires_DMW.exe:*:Disabled:Empires_DMW -- File not found
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe" = C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\WINDOWS\system32\lxdmcoms.exe" = C:\WINDOWS\system32\lxdmcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 5000 Series\lxdmamon.exe" = C:\Program Files\Lexmark 5000 Series\lxdmamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 5000 Series\frun.exe" = C:\Program Files\Lexmark 5000 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- ()
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Program Files\Lexmark 5000 Series\LXDMFax.exe" = C:\Program Files\Lexmark 5000 Series\LXDMFax.exe:*:Enabled:Fax software -- ()
"C:\Program Files\Lexmark 5000 Series\lxdmmon.exe" = C:\Program Files\Lexmark 5000 Series\lxdmmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdmjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07295ABF-1245-415A-BE06-863271753443}" = ShowBiz
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = RecordNow Update Manager
"{0DCFC7D5-8608-478C-8082-1FF848B978AF}" = USB Storage RW
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1EEE2A9F-6471-42fa-8923-E8879168CE26}" = HP Photo and Imaging 1.1 - Photosmart Cameras
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = LebecaWeb Camera Driver
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}" = HP Digital Imaging Album Printing 1.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Simple Backup for My Pictures
"{6CAEFA23-0C08-4899-A661-29D69228AF6D}" = HP Memories Disc
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3}" = Access Drivers
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{82AF77BC-423D-42DA-BE5B-FFCA04752181}" = MediaFACE 4.01 Image Library
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) 82845G Graphics Driver Software
"{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}" =
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Audigy
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{99755640-9633-11D5-AB3C-0050DAB311CC}" = InterVideo MP3 XPack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC18A517-7978-42CB-817C-CE85892DC307}" = Decoder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E62C706B-1352-4DCA-B4D4-81C24750B70F}" = Detto IntelliMover Demo
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ArcSoft Software Suite" = ArcSoft Software Suite
"BackWeb-137903 Uninstaller" = hp center
"Creative Driver" = Creative Driver
"Easy Chef's Million Recipes" = Easy Chef's Million Recipes
"ERUNT_is1" = ERUNT 1.1j
"hp instant support" = HP Instant Support
"HPTOOLKIT" = hp toolkit
"HTMLKit_is1" = HTML-Kit
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"InstallShield_{82AF77BC-423D-42DA-BE5B-FFCA04752181}" = MediaFACE 4.01 Image Library
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"Lexmark 5000 Series" = Lexmark 5000 Series
"M1 Tank Platoon II" = M1 Tank Platoon II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PCDoctor" = PC-Doctor for Windows
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar
"Yahoo! Photos Drag-Drop Uploader 1v3" = Yahoo! Photos Easy Upload Tool 1v3
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"Move Media Player" = Move Media Player
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 7/23/2009 12:28:22 AM | Computer Name = JUSTIN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16850, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2009 11:30:00 AM | Computer Name = JUSTIN | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 2460 (0x99c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.430 / 5301.4018 Object being scanned = \Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll by C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 7/23/2009 11:31:42 AM | Computer Name = JUSTIN | Source = McLogEvent | ID = 5004
Description = Could not contact Filter Driver. Error = 0x1 : Incorrect function.

Error - 7/23/2009 7:42:12 PM | Computer Name = JUSTIN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16850, faulting module ieframe.dll, version 7.0.6000.16850, fault address 0x00087ae8.

Error - 7/26/2009 5:58:50 PM | Computer Name = JUSTIN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16850, faulting module ieframe.dll, version 7.0.6000.16850, fault address 0x00087ae8.

Error - 7/29/2009 3:48:19 PM | Computer Name = JUSTIN | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 2304 (0x900) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.430 / 5301.4018 Object being scanned = \Device\HarddiskVolume2\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll by C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 8/7/2009 2:17:13 PM | Computer Name = JUSTIN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting module ieframe.dll, version 7.0.6000.16890, fault address 0x00087b60.

Error - 8/13/2009 1:34:50 AM | Computer Name = JUSTIN | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 9.0.0.2162, faulting module msvcr80.dll, version 8.0.50727.1433, fault address 0x0000ed53.

Error - 8/15/2009 1:17:00 AM | Computer Name = JUSTIN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x18a5b1b6.

Error - 8/24/2009 4:13:42 AM | Computer Name = JUSTIN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module flash10b.ocx, version 10.0.22.87, fault address 0x00077650.

[ System Events ]
Error - 8/24/2009 6:19:01 AM | Computer Name = JUSTIN | Source = Service Control Manager | ID = 7000
Description = The HP Pci Information service failed to start due to the following error: %%3

Error - 8/24/2009 6:19:01 AM | Computer Name = JUSTIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.

Error - 8/24/2009 6:19:01 AM | Computer Name = JUSTIN | Source = Service Control Manager | ID = 7000
Description = The Windows Image Acquisition (WIA) service failed to start due to the following error: %%1053

Error - 8/24/2009 6:19:01 AM | Computer Name = JUSTIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Core LC service to connect.

Error - 8/24/2009 6:19:01 AM | Computer Name = JUSTIN | Source = Service Control Manager | ID = 7000
Description = The Symantec Core LC service failed to start due to the following error: %%1053

Error - 8/24/2009 6:19:01 AM | Computer Name = JUSTIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: szkg

Error - 8/24/2009 1:11:21 PM | Computer Name = JUSTIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdmCATSCustConnectService service to connect.

Error - 8/24/2009 1:11:21 PM | Computer Name = JUSTIN | Source = Service Control Manager | ID = 7000
Description = The lxdmCATSCustConnectService service failed to start due to the following error: %%1053

Error - 8/24/2009 1:11:21 PM | Computer Name = JUSTIN | Source = Service Control Manager | ID = 7000
Description = The HP Pci Information service failed to start due to the following error: %%3

Error - 8/24/2009 1:11:32 PM | Computer Name = JUSTIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: szkg

< End of report >

Address: 0xF7A01000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xACF92000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==
------------------------------------------------------------------------------