Malwarebytes' Anti-Malware 1.40
Database version: 2711
Windows 5.1.2600 Service Pack 3
8/28/2009 5:46:53 PM
mbam-log-2009-08-28 (17-46-53).txt
Scan type: Quick Scan
Objects scanned: 141193
Time elapsed: 9 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\gamevancetext.linker (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gamevancetext.linker.1 (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/29 14:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB4D77000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5E0000 Size: 8192 File Visible: No Signed: -
Status: -
Name: PCI_PNP9156
Image Path: \Driver\PCI_PNP9156
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB36F4000 Size: 49152 File Visible: No Signed: -
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: spun.sys
Image Path: spun.sys
Address: 0xB9EA6000 Size: 1052672 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010f4a
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de76b8
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010454
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010aee
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de7574
#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010132
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb50121d6
#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb50124ae
#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb500fcf8
#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5011130
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de7a52
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de714c
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spun.sys" at address 0xb9ec5ca4
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spun.sys" at address 0xb9ec6032
#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5011e58
#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb50106d8
#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010d32
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de764e
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de708c
#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010968
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de70f0
#: 160 Function Name: NtQueryKey
Status: Hooked by "spun.sys" at address 0xb9ec610a
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de776e
#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb501188c
#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010250
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de772e
#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5011bf4
#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5012006
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb4de78ae
#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb5010672
#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb501085c
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb4ea40b0
#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb500feca
==EOF==
OTL logfile created on: 8/29/2009 2:30:46 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Big Momma\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4880 4880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.14 Gb Total Space | 151.08 Gb Free Space | 66.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DGQSQS91
Current User Name: Big Momma
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/08/27 18:47:26 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2001/11/23 01:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe
PRC - [2001/12/13 01:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brss01a.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2003/05/05 20:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\Brmfrmps.exe
PRC - [1999/12/13 05:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 11:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/08/09 00:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2006/09/07 14:24:34 | 00,086,016 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
PRC - [2009/08/17 09:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/04/13 17:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/09/07 14:23:18 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2009/08/17 09:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/27 18:48:52 | 01,796,368 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2007/03/09 20:21:11 | 01,591,808 | ---- | M] (YourWare Solutions ) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2009/08/07 18:47:37 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2003/08/29 19:05:35 | 00,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 00,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2009/08/28 16:22:13 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Big Momma\My Documents\Downloads\OTL.exe
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
========== Win32 Services (SafeList) ==========
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 09:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2003/05/05 20:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps [Auto | Running])
SRV - [2001/11/23 01:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\System32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/08/27 18:47:26 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2006/04/12 09:55:05 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service [On_Demand | Stopped])
SRV - [1999/12/13 05:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 11:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/03 14:53:08 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/03/24 05:41:13 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/08/05 11:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Stopped])
SRV - [2003/06/19 21:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 02:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2005/05/03 22:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ [Disabled | Stopped])
SRV - [2005/05/03 20:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/09/17 09:07:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2003/07/28 10:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/08/09 00:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2005/05/03 19:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ [Disabled | Stopped])
SRV - [2006/09/07 14:24:34 | 00,086,016 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.co...l={SUB_RFC1766}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-us.start.m...en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.0
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: numpadtyping@tomkennedy:1.4.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..extensions.enabledItems: {d3d70bca-2d54-425e-b02c-b7e2f4b07688}:3.5
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/30 17:32:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/22 19:32:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/25 11:01:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/08 12:05:59 | 00,000,000 | ---D | M]
[2008/07/01 17:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Extensions
[2008/07/01 17:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/29 14:29:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions
[2009/07/01 19:28:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/28 09:40:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/06/10 15:16:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/07/22 18:07:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2009/01/24 11:00:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/08/26 18:03:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/22 18:05:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
[2008/08/25 19:32:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\[email protected]
[2007/10/23 17:00:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\mozilla\Firefox\Profiles\pf2aigho.default\extensions\numpadtyping@tomkennedy
[2008/05/28 10:51:35 | 00,001,643 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\isohuntBT.xml
[2006/05/13 17:07:22 | 00,000,228 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R00##astalavista.png
[2009/08/26 21:09:10 | 00,001,100 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R00%23%23astalavista.xml
[2006/05/06 08:50:02 | 00,000,746 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R01##IMDB.png
[2008/06/27 15:59:14 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R01%23%23IMDB.xml
[2006/05/13 17:13:20 | 00,000,465 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R02##vkol.png
[2006/05/06 08:50:05 | 00,000,232 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R03##wikipedia.png
[2008/06/27 15:59:15 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\R03%23%23wikipedia.xml
[2008/06/27 15:59:15 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Big Momma\Application Data\Mozilla\FireFox\Profiles\pf2aigho.default\searchplugins\webster.xml
[2009/08/29 14:29:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/12/27 21:08:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/08 12:05:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/15 15:25:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/06/22 19:33:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/16 21:43:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/08 12:05:51 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/08 12:05:51 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2004/11/12 20:36:20 | 00,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/05/13 09:45:30 | 00,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npgcplug.dll
[2006/10/30 15:44:02 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/08/08 12:05:52 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/09/10 12:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2007/06/29 14:30:43 | 00,147,456 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2009/07/01 19:48:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/01 19:48:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/01 19:48:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/01 19:48:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/01 19:48:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/01 19:48:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/01 19:48:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/04/27 13:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2008/09/10 12:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/09/15 12:52:06 | 00,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2005/08/09 11:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/03/09 16:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/07/22 18:39:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/22 18:39:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/22 18:39:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/22 18:39:40 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/22 18:39:40 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/22 18:39:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/22 18:39:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (303300 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10453 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions )
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDef.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to sgmain.exe.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: netdimensions.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Delicious%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.2.100.cab (CDownloadCtrl Object)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.uni...tyWebPlayer.cab (UnityWebPlayer Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1147151022421 (MUWebControl Class)
O16 - DPF: {7B62F6EE-D046-11D3-9C5E-0060082627F7} https://ccentmail1m..../TWDownload.cab (TWDownloader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...0/Installer.exe (Virtools WebPlayer Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Delicious%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.250.1 209.210.150.8 67.136.243.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{f914441a-293d-11de-ae9c-001372c25cac}\Shell - "" = AutoRun
O33 - MountPoints2\{f914441a-293d-11de-ae9c-001372c25cac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f914441a-293d-11de-ae9c-001372c25cac}\Shell\AutoRun\command - "" = J:\EasySuite.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[1 C:\WINDOWS\*.tmp files]
[2009/08/29 11:31:20 | 00,001,717 | ---- | C] () -- C:\Documents and Settings\Big Momma\Desktop\sg_backup_2009-08-29-1131.spg
[2009/08/28 17:31:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Big Momma\Application Data\Malwarebytes
[2009/08/28 17:31:11 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/28 17:31:09 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/28 17:31:07 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/28 17:31:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/28 17:31:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/28 17:16:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/28 17:15:03 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Big Momma\Desktop\NTREGOPT.lnk
[2009/08/28 17:15:03 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Big Momma\Desktop\ERUNT.lnk
[2009/08/28 17:14:56 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/27 16:57:04 | 00,001,715 | ---- | C] () -- C:\Documents and Settings\Big Momma\Desktop\FirstBackup.spg
[2009/08/26 18:45:56 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
========== Files - Modified Within 14 Days ==========
[1 C:\WINDOWS\*.tmp files]
[2009/08/29 14:12:53 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/29 14:11:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/29 14:09:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/29 14:09:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/29 11:31:20 | 00,001,717 | ---- | M] () -- C:\Documents and Settings\Big Momma\Desktop\sg_backup_2009-08-29-1131.spg
[2009/08/28 17:31:11 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/28 17:15:03 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Big Momma\Desktop\NTREGOPT.lnk
[2009/08/28 17:15:03 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Big Momma\Desktop\ERUNT.lnk
[2009/08/28 17:15:00 | 00,000,398 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/08/27 18:52:21 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/08/27 18:52:15 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/08/27 18:52:10 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/08/27 18:52:09 | 00,132,168 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/08/27 16:57:04 | 00,001,715 | ---- | M] () -- C:\Documents and Settings\Big Momma\Desktop\FirstBackup.spg
[2009/08/27 16:38:36 | 00,000,802 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/27 16:38:36 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/27 16:38:36 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/08/27 16:35:40 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/26 18:45:56 | 00,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2009/08/26 14:20:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/17 09:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/17 09:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/17 09:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/17 09:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/17 09:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/17 09:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/17 09:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/17 09:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/17 09:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
========== LOP Check ==========
[2009/08/28 17:31:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/14 07:01:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/19 06:46:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/21 14:54:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Beanbag Studios
[2007/01/23 23:37:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2009/04/28 20:12:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/10/21 14:42:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/01/09 07:54:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2006/10/30 17:17:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
[2007/09/26 18:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/04/22 20:10:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2006/04/24 15:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2009/03/21 09:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/06/29 14:30:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2007/01/23 23:38:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/04/22 18:57:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/08/27 16:42:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/02 10:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Traverse PC
[2006/06/03 20:21:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/04/22 19:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/06/29 10:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2008/12/03 21:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2008/06/06 10:38:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/08/28 17:31:15 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Big Momma\Application Data
[2007/03/05 10:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\acccore
[2007/04/23 20:45:25 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Big Momma\Application Data\Brother
[2006/04/12 10:07:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\Corel
[2006/04/19 17:16:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\Corel Photo Album
[2009/04/28 20:13:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\DAEMON Tools
[2009/04/28 20:13:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\DAEMON Tools Lite
[2006/06/18 22:26:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\DeskSoft
[2006/11/10 10:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\dvdcss
[2007/02/19 14:28:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\GetRightToGo
[2006/11/02 19:10:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\Incline Software
[2006/06/28 17:47:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\Leadertech
[2006/04/22 19:38:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\pe explorer
[2009/01/01 15:25:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Big Momma\Application Data\SecuROM
[2009/01/01 15:25:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\SPORE
[2007/03/27 16:55:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\System Requirements Lab
[2006/04/20 02:14:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\TrojanHunter
[2006/06/03 20:22:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\TuneUp Software
[2008/09/06 15:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\uTorrent
[2007/09/29 17:54:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Big Momma\Application Data\YanCEyDesktop
[2009/08/28 17:15:00 | 00,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2009/08/26 14:20:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/29 14:12:53 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/08/29 14:09:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\eventlog.dll >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
========== Alternate Data Streams ==========
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDFF58FE
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943D6A82
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9F6664C
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1EFA64C2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FBE0E9C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A71BB9C
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B52F176
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74699137
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BA09728
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618849E3
< End of report >
OTL Extras logfile created on: 8/29/2009 2:30:46 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Big Momma\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4880 4880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.14 Gb Total Space | 151.08 Gb Free Space | 66.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DGQSQS91
Current User Name: Big Momma
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18E0918E-1060-48f3-925C-56C82E88551B}" = HP PSC & OfficeJet 3.5
"{1AC91509-E17B-46F7-A032-B54DCCA6E8BB}" = Microsoft Flight Simulator X Photo Scenery Display Update
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22988B2A-374A-4A7B-B795-A1AFF2046BE9}" = PhotoGallery
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 15
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{47C25360-AEBC-4B21-B233-87CE653B3369}" = AIOMinimal
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}" = Ancestral Quest Collaboration Support
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{55DCBED7-5710-4939-A928-4CBD9AB09EBB}" = 1310_Help
"{5786D2C8-A4C4-4DDB-B671-8ED2A53310EC}" = 1310Tour
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{62C71C1B-E0FB-11D4-9DB7-00B0D02AE94A}" = Personal Ancestral File 5 Lessons
"{6864A62D-3EF3-415F-9922-240EED34B4C0}" = Fax
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A136B9A-1895-436F-83F8-30D9C68BB6EA}" = Rhapsody Player Engine
"{6D1A0AB3-832B-4966-8A24-5A9A65CF9FFC}" = Ancestral Quest 11
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EE25F37-E4EC-44BD-8382-65BB3312BAE0}" = TPC Desktop 2008
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{91AFACB3-CA46-4C1E-AF2D-F72EE0B112E4}" = Personal Ancestral File Companion 5.2
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99D48FBB-2DEF-49A9-BCC9-C5AF63DD2643}" = AiOSoftware
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEC20FEC-47D8-4DEA-85D7-0B7E5D905D11}" = AiO_Scan
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = AusLogics Registry Defrag
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E443F067-3345-482C-BD7A-12675A53D292}" = Readme
"{E5E6E687-1033-BA7E-6000-000000000001}" = Adobe Acrobat Elements 6.0
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F650704B-D32D-493F-B0C1-CB064782D19E}" = Dell Power Applet Update
"{F730A60D-F6DA-4653-9C6E-548F7A3A5EE0}" = 1310Trb
"{F9B0968A-810E-484C-B81D-7F19DC2CBBF5}" = 1310
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"AT&T Connection Services Software" = AT&T Worldnet Service
"avast!" = avast! Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Brother 1440" = Brother 1440
"BROWNIE" = Brownie
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"CloneCD" = CloneCD
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"COMODO Internet Security" = COMODO Internet Security
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Deer Hunter 2005_is1" = Deer Hunter - The 2005 Season
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"filehippo.com" = filehippo.com Update Checker
"GameSpy Arcade" = GameSpy Arcade
"Golive2 Sphere 1.0.3" = Golive2 Sphere 1.0.3
"HP Photo & Imaging" = HP Image Zone 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IGN Download Manager" = IGN Download Manager 2.3.2
"InstallShield_{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}" = Ancestral Quest Collaboration Support
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.4
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PDF-XChange 3_is1" = PDF-XChange 3.0
"Picasa 3" = Picasa 3
"PopCap Browser Plugin" = PopCap Browser Plugin
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime 3.0" = QuickTime 3.0
"RealArcade 1.2" = RealArcade
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"SprintMusicManagerA" = Sprint music manager
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Study Helpers Spelling Bee" = Study Helpers Spelling Bee
"SysInfo" = Creative System Information
"System Requirements Lab" = System Requirements Lab
"TCPMP" = TCPMP
"Traverse PC PDF" = Traverse PC PDF
"Trophy Hunter 2003_is1" = Trophy Hunter 2003 - Rocky Mountain Adventures
"UnityWebPlayer" = Unity Web Player
"UnixUtils for Yahoo! Widgets" = Unix Utilities for Yahoo! Widgets
"VLC media player" = VLC media player 0.9.9
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Writer_Scripts" = Writer's Scripts
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Widget Engine" = Yahoo! Widgets
"YanCEyDesktop" = YanCEyDesktop
"YanCEyWare Reader 2.51" = YanCEyWare Reader 2.51
"ZENcast Organizer" = ZENcast Organizer
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{6D1A0AB3-832B-4966-8A24-5A9A65CF9FFC}" = Ancestral Quest 11
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 8/16/2009 11:22:51 AM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\BIGMOM~1\LOCALS~1\TEMP\~DF334.TMP failed, 00000005.
Error - 8/27/2009 8:23:44 AM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\INTERNET
EXPLORER\RECOVERY\ACTIVE\RECOVERYSTORE.{AFB08064-92A6-11DE-AF4B-001372C25CAC}.DAT
failed, 00000005.
Error - 8/27/2009 8:23:45 AM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\INTERNET
EXPLORER\RECOVERY\ACTIVE\{AFB08065-92A6-11DE-AF4B-001372C25CAC}.DAT failed, 00000005.
Error - 8/29/2009 1:06:39 PM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PF2AIGHO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}\DEFAULTS\PREFERENCES\ADBLOCKPLUS.JS
failed, 00000005.
Error - 8/29/2009 1:06:40 PM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PF2AIGHO.DEFAULT\EXTENSIONS\[email protected]\DEFAULTS\PREFERENCES\ADDICTIVETYPINGLESSONSPREFERENCES.JS
failed, 00000005.
Error - 8/29/2009 1:06:40 PM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PF2AIGHO.DEFAULT\EXTENSIONS\{77B819FA-95AD-4F2C-AC7C-486B356188A9}\DEFAULTS\PREFERENCES\IETAB.JS
failed, 00000005.
Error - 8/29/2009 1:06:40 PM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PF2AIGHO.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}\DEFAULTS\PREFERENCES\DEFAULTS.JS
failed, 00000005.
Error - 8/29/2009 1:06:40 PM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PF2AIGHO.DEFAULT\EXTENSIONS\NUMPADTYPING@TOMKENNEDY\DEFAULTS\PREFERENCES\NUMPADPREFERENCES.JS
failed, 00000005.
Error - 8/29/2009 1:06:40 PM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PF2AIGHO.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}\DEFAULTS\PREFERENCES\PREFS.JS
failed, 00000005.
Error - 8/29/2009 1:06:40 PM | Computer Name = DGQSQS91 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\BIG MOMMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PF2AIGHO.DEFAULT\EXTENSIONS\{95F24680-9E31-11DA-A746-0800200C9A66}\DEFAULTS\PREFERENCES\DEFAULTS.JS
failed, 00000005.
[ Application Events ]
Error - 7/23/2009 3:06:31 PM | Computer Name = DGQSQS91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.
Error - 7/23/2009 4:42:30 PM | Computer Name = DGQSQS91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3483, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/23/2009 4:43:14 PM | Computer Name = DGQSQS91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3483, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/23/2009 4:43:44 PM | Computer Name = DGQSQS91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3483, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/23/2009 4:43:46 PM | Computer Name = DGQSQS91 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3483, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/24/2009 2:32:53 AM | Computer Name = DGQSQS91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/31/2009 1:26:21 AM | Computer Name = DGQSQS91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.
Error - 8/7/2009 8:20:33 PM | Computer Name = DGQSQS91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.
Error - 8/13/2009 3:00:44 PM | Computer Name = DGQSQS91 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.
Error - 8/29/2009 2:10:04 PM | Computer Name = DGQSQS91 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 8/29/2009 5:08:42 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7034
Description = The Creative Service for CDROM Access service terminated unexpectedly.
It has done this 1 time(s).
Error - 8/29/2009 5:08:42 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7031
Description = The Media Center Receiver Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.
Error - 8/29/2009 5:08:42 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7034
Description = The Media Center Scheduler Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 8/29/2009 5:08:42 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 8/29/2009 5:08:42 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).
Error - 8/29/2009 5:08:42 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).
Error - 8/29/2009 5:08:42 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7034
Description = The SigmaTel Audio Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 8/29/2009 5:10:19 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7002
Description = The BrPar service depends on the Parallel arbitrator group and no
member of this group started.
Error - 8/29/2009 5:10:19 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058
Error - 8/29/2009 5:10:19 PM | Computer Name = DGQSQS91 | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058
< End of report >