MBAM:
Malwarebytes' Anti-Malware 1.40
Database version: 2761
Windows 6.0.6002 Service Pack 2
9/8/2009 6:47:45 PM
mbam-log-2009-09-08 (18-47-45).txt
Scan type: Quick Scan
Objects scanned: 81459
Time elapsed: 4 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
RootRepeal:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/08 18:49
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8C918000 Size: 32768 File Visible: No Signed: -
Status: -
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8CA00000 Size: 45056 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAFA1F000 Size: 49152 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1168 Status: Locked to the Windows API!
==EOF==
OTL:
OTL logfile created on: 9/8/2009 6:51:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Doris\Favorites\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.55% Memory free
4.00 Gb Paging File | 3.22 Gb Available in Paging File | 80.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 48.07 Gb Free Space | 64.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DORIS-PC
Current User Name: Doris
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/04/10 23:27:38 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/03/18 16:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2007/10/12 09:34:56 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/01/18 23:33:42 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/01/18 23:33:16 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/01/18 23:38:40 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/08/17 11:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2006/12/10 21:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/02/11 20:13:02 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/02/11 20:13:08 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/05/30 21:43:43 | 06,281,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/02/11 20:13:10 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/01/18 23:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2009/04/10 23:28:10 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/18 23:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/04/10 23:28:16 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2008/10/16 20:12:28 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/03 21:58:42 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/08 18:31:32 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Doris\Favorites\Downloads\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2008/03/18 16:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/08/17 10:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/17 11:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 11:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 11:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/29 21:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/04/10 23:28:26 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/02/18 11:39:22 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/01/03 20:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/11/19 19:23:16 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2009/02/18 11:38:44 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/01/18 23:34:44 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC [Auto | Running])
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2009/02/18 11:38:44 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/10/12 09:34:56 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/01/18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/18 23:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/29 19:10:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/01 10:58:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/07 19:57:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/07 19:57:49 | 00,000,000 | ---D | M]
[2008/09/20 18:35:54 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\mozilla\Extensions
[2008/09/20 18:35:54 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/08 17:04:36 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\mozilla\Firefox\Profiles\arscbqdw.default\extensions
[2009/08/01 11:44:39 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\mozilla\Firefox\Profiles\arscbqdw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/01 16:18:51 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\mozilla\Firefox\Profiles\arscbqdw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/01/01 18:39:24 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\mozilla\Firefox\Profiles\arscbqdw.default\extensions\[email protected]
[2009/01/01 18:38:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/03 21:58:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/11/07 21:54:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/05/17 20:33:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/08/03 21:58:42 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/03 21:58:42 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/08/03 21:58:43 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/10/07 05:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/09/07 19:57:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/07 19:57:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/07 19:57:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/07 19:57:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/07 19:57:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2006/10/07 05:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/07/18 20:10:02 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/18 20:10:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/18 20:10:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/18 20:10:02 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/18 20:10:02 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/18 20:10:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/18 20:10:02 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55054949-da75-11db-a535-0011a3014418}\Shell - "" = AutoRun
O33 - MountPoints2\{55054949-da75-11db-a535-0011a3014418}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{73452b3f-1ffa-11dc-83ac-001921d10b4b}\Shell - "" = AutoRun
O33 - MountPoints2\{73452b3f-1ffa-11dc-83ac-001921d10b4b}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found
========== Files/Folders - Created Within 14 Days ==========
[2009/09/08 18:42:20 | 00,000,000 | ---D | C] -- C:\Users\Doris\AppData\Roaming\Malwarebytes
[2009/09/08 18:42:17 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/08 18:42:15 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/08 18:42:13 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/08 18:42:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/08 18:42:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/08 18:41:34 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/08 18:41:18 | 00,000,733 | ---- | C] () -- C:\Users\Doris\Desktop\NTREGOPT.lnk
[2009/09/08 18:41:18 | 00,000,714 | ---- | C] () -- C:\Users\Doris\Desktop\ERUNT.lnk
[2009/09/08 18:41:17 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/07 19:59:49 | 00,000,000 | ---D | C] -- C:\Users\Doris\AppData\Roaming\Apple Computer
[2009/09/07 19:59:42 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/09/07 19:59:09 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/09/07 19:58:47 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/07 19:58:44 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/07 19:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/07 19:58:07 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/09/07 19:57:40 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/09/07 19:57:18 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/09/07 19:57:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/09/07 19:55:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/09/07 19:20:21 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/09/07 15:02:30 | 00,000,788 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2009/09/07 10:57:31 | 00,107,100 | ---- | C] () -- C:\Users\Public\Documents\Walgreens.com - Local Weekl...pdf
[2009/09/05 22:56:38 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/09/05 22:56:38 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/09/05 22:56:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/09/05 22:54:58 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/09/05 22:54:27 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/09/05 22:51:04 | 00,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2009/09/05 22:39:19 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/09/05 22:39:18 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/09/05 22:39:18 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/09/05 22:39:07 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/09/05 22:39:05 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/05 22:39:03 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/09/05 22:38:32 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/09/05 22:38:31 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/09/05 22:38:29 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/09/05 22:38:22 | 02,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/05 22:38:19 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/05 22:38:19 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/05 22:38:11 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/09/05 22:38:10 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/09/05 22:38:08 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/09/05 22:36:08 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/09/05 22:22:19 | 00,000,000 | ---D | C] -- C:\PerfLogs
[2009/09/05 21:27:37 | 00,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2009/09/05 21:26:46 | 00,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2009/09/05 21:25:54 | 00,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2009/09/05 21:25:53 | 00,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2009/09/05 21:25:53 | 00,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2009/09/05 21:25:46 | 00,195,122 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2009/09/05 21:20:10 | 00,131,072 | ---- | C] () -- C:\Windows\SPInstall.etl
[2009/09/05 21:19:56 | 00,000,000 | ---D | C] -- C:\5569aa745c1d71129550d743801d
[2009/08/29 19:38:56 | 00,000,000 | ---D | C] -- C:\Users\Doris\AppData\Local\Apple
[2009/08/29 19:38:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/08/29 19:38:53 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
========== Files - Modified Within 14 Days ==========
[2009/09/08 18:50:00 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{92C99F14-099B-41B9-A2A3-B661BB9C5721}.job
[2009/09/08 18:42:50 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/08 18:42:50 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/08 18:42:50 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/08 18:42:17 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/08 18:41:18 | 00,000,733 | ---- | M] () -- C:\Users\Doris\Desktop\NTREGOPT.lnk
[2009/09/08 18:41:18 | 00,000,714 | ---- | M] () -- C:\Users\Doris\Desktop\ERUNT.lnk
[2009/09/08 18:36:49 | 00,005,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/08 18:36:49 | 00,005,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/08 18:36:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/08 18:36:28 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/08 18:26:21 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/09/07 21:12:00 | 02,276,589 | -H-- | M] () -- C:\Users\Doris\AppData\Local\IconCache.db
[2009/09/07 20:45:59 | 00,014,336 | ---- | M] () -- C:\Users\Doris\Documents\weekly budget.xls
[2009/09/07 19:59:42 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/09/07 19:57:40 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/09/07 19:27:49 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/09/07 15:02:30 | 00,000,788 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2009/09/07 10:57:02 | 00,107,100 | ---- | M] () -- C:\Users\Public\Documents\Walgreens.com - Local Weekl...pdf
[2009/09/06 10:31:31 | 00,001,670 | ---- | M] () -- C:\Users\Doris\Desktop\CCleaner.lnk
[2009/09/05 22:59:35 | 00,268,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/09/05 22:54:58 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/09/05 22:54:27 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/09/05 22:32:28 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2009/09/05 22:06:58 | 00,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2009/09/05 22:06:52 | 00,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2009/09/05 21:56:46 | 00,131,072 | ---- | M] () -- C:\Windows\SPInstall.etl
========== LOP Check ==========
[2009/09/08 18:42:20 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming
[2007/05/18 16:58:02 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\Everest Labs
[2009/03/12 20:10:02 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\Image Zone Express
[2007/06/07 16:11:19 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\Printer Info Cache
[2008/08/16 16:46:13 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\Skinux
[2007/03/24 22:02:56 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\Thunderbird
[2007/04/25 19:30:10 | 00,000,000 | ---D | M] -- C:\Users\Doris\AppData\Roaming\U3
[2009/09/08 18:36:41 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/08 18:35:44 | 00,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/09/08 18:50:00 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{92C99F14-099B-41B9-A2A3-B661BB9C5721}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\eventlog.dll >
< %systemroot%\system32\scecli.dll >
[2009/04/10 23:28:26 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
< End of report >
Extras.txt:
OTL Extras logfile created on: 9/8/2009 6:51:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Doris\Favorites\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.55% Memory free
4.00 Gb Paging File | 3.22 Gb Available in Paging File | 80.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 48.07 Gb Free Space | 64.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DORIS-PC
Current User Name: Doris
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9BAEB571-6784-4E41-B9BA-8205E1BE5747}" = lport=139 | protocol=6 | dir=in | name=samba printing |
"{9D05752C-D1D7-4F76-BAE5-C9185C9B10C5}" = lport=137 | protocol=17 | dir=in | name=samba printing |
"{D879FDBE-2AD3-45AA-B924-7FBD7952095C}" = lport=138 | protocol=6 | dir=in | name=samba printing |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3BC35A08-CF2A-452C-B672-FE831C39BE6A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7949053B-C866-4375-999F-C669D1C32F0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8535CCF5-3EEE-4CE5-A58A-EFF7578E8781}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{997B07A4-CE6C-4B2C-AB90-398A16867CF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BD0E45B3-52BD-4231-8262-DF2B93DBE784}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C59BE561-95C9-4DE9-AB8A-ED58C45AD77A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F03D05C3-C3AA-4E95-9D3D-FBCCA2FE0301}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{66AC1802-27AC-49D1-B8F5-83B21F8796A6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8AAD7CCC-320B-4493-A823-E9A7D0572256}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1837046D-29A6-4CD3-B03B-494AC104CBFF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5063DEA7-B5C2-4F7C-87CF-6B548A8204DC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EAEB0A6-582A-490B-B075-D837677365C2}" = 2WIREUSBWLANInstaller
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3CE11B98-C61C-4692-9E0E-59934761C3BE}" = 2Wire Wireless Manager
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"ERUNT_is1" = ERUNT 1.1j
"Formatta Filler 7.0" = Formatta Filler 7.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Mozilla Thunderbird (1.5)" = Mozilla Thunderbird (1.5)
"Picasa 3" = Picasa 3
"RealAlt_is1" = Real Alternative 1.51
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 4/22/2007 12:54:18 AM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.
Error - 4/22/2007 11:06:53 PM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.
Error - 5/12/2007 6:38:43 PM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.
Error - 5/15/2007 11:29:01 PM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.
Error - 5/18/2007 12:44:30 AM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.
Error - 5/26/2007 12:06:32 AM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.
Error - 5/28/2007 11:38:40 PM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.
Error - 6/1/2007 12:05:56 AM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.
Error - 6/1/2007 11:09:32 PM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.
Error - 6/21/2007 11:28:19 PM | Computer Name = Doris-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: FATAL: GetQueuedCompletionStatus failed!!!!!,
00000006.
[ Application Events ]
Error - 9/5/2009 11:25:47 AM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 9/5/2009 11:41:59 AM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 9/5/2009 11:24:30 PM | Computer Name = Doris-PC | Source = WerSvc | ID = 5007
Description =
Error - 9/5/2009 11:33:19 PM | Computer Name = Doris-PC | Source = ESENT | ID = 215
Description = WinMail (1272) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.
Error - 9/6/2009 12:25:10 AM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 9/6/2009 11:27:30 AM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 9/6/2009 12:18:00 PM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 9/7/2009 10:24:49 AM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 9/7/2009 8:25:17 PM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 9/8/2009 7:54:11 AM | Computer Name = Doris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 9/8/2009 11:01:15 AM | Computer Name = Doris-PC | Source = bowser | ID = 8003
Description =
Error - 9/8/2009 7:33:19 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 9/8/2009 7:33:19 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 9/8/2009 7:33:20 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 9/8/2009 7:33:20 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 9/8/2009 7:33:21 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 9/8/2009 7:33:27 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 9/8/2009 7:33:27 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 9/8/2009 7:38:23 PM | Computer Name = Doris-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 9/8/2009 7:38:23 PM | Computer Name = Doris-PC | Source = LSM | ID = 1048
Description =
< End of report >
As you can see, there are quite a number of errors in the "extras" log. I should also tell you that I recently updated the PC with Windows Vista Service Pack 1 and Service Pack 2, in that order. I have not yet updated to Internet Explorer 8, and I'm frankly afraid to, because the last time I did, it got stuck in an endless restart loop and I had to use the repair console to fix the install of Windows. Any help you can provide would be greatly appreciated. Thanks.