Malwarebytes' Anti-Malware 1.41
Database version: 3168
Windows 5.1.2600 Service Pack 3
11/14/2009 4:25:49 AM
mbam-log-2009-11-14 (04-25-49).txt
Scan type: Quick Scan
Objects scanned: 102756
Time elapsed: 10 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\VXNlcg (Adware.CommAd) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/14 05:04
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEDFB2000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79E0000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEBA42000 Size: 49152 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: C:\WINDOWS\system32\svchost.exe
PID: 432 Status: Locked to the Windows API!
Path: C:\WINDOWS\system32\svchost.exe
PID: 448 Status: Locked to the Windows API!
Path: C:\WINDOWS\system32\svchost.exe
PID: 656 Status: Locked to the Windows API!
Path: C:\WINDOWS\system32\csrss.exe
PID: 1204 Status: Locked to the Windows API!
Path: C:\WINDOWS\system32\svchost.exe
PID: 1600 Status: Locked to the Windows API!
Path: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 2232 Status: Locked to the Windows API!
Path: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 2448 Status: Locked to the Windows API!
Path: C:\WINDOWS\system32\alg.exe
PID: 2704 Status: Locked to the Windows API!
Path: C:\Program Files\Rogers Online Protection\Rogers Online Protection\Kav\Bin\ScanningProcess.exe
PID: 3140 Status: Locked to the Windows API!
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d62a0
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d434e
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf750087e
#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d5fd0
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d6140
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d6e10
#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d68ae
#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d77d0
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d6450
#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d3ea0
#: 116 Function Name: NtOpenFile
Status: Hooked by "kl1.sys" at address 0xf71af030
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d5dc0
#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d6c3e
#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d7436
#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d4930
#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d7740
#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d7b00
#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d80c0
#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d2af0
#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d6a90
#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf7500bfe
#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d76f0
#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d41b0
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d72ab
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xee0d6310
==EOF==
OTL logfile created on: 11/14/2009 5:07:23 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.48 Mb Total Physical Memory | 324.78 Mb Available Physical Memory | 31.76% Memory free
2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.49% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 34.01 Gb Free Space | 45.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-CB34E5069C
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009/11/14 05:06:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/06/16 21:42:17 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/27 21:52:04 | 00,356,592 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RPS.exe
PRC - [2009/02/27 21:52:04 | 00,356,592 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RPS.exe
PRC - [2009/02/27 21:52:04 | 00,097,520 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
PRC - [2009/02/27 21:52:04 | 00,097,520 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
PRC - [2009/02/27 21:51:18 | 00,363,248 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
PRC - [2009/02/27 13:13:52 | 03,228,912 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
PRC - [2009/02/27 13:13:52 | 00,398,576 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
PRC - [2008/05/21 16:26:10 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/28 06:23:28 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 19:40:54 | 00,815,104 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2007/11/06 19:40:54 | 00,815,104 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2007/11/06 19:40:54 | 00,815,104 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2007/09/15 01:27:20 | 01,015,808 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/03/09 10:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/07/04 22:26:02 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/08/03 20:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/08/03 20:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/01/04 10:50:52 | 00,405,583 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2004/12/08 16:23:22 | 00,790,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2004/12/03 13:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/11/17 23:32:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe
PRC - [2004/08/25 11:26:46 | 00,442,368 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
PRC - [2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
PRC - [2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
PRC - [2000/02/08 22:19:48 | 00,036,864 | ---- | M] (Roland) -- C:\Program Files\Roland\VSC32\vscvol.exe
PRC - [2000/02/07 02:02:44 | 00,036,864 | ---- | M] (Roland) -- C:\Program Files\Roland\VSC32\Vsc32Cnf.exe
========== Modules (SafeList) ==========
MOD - [2009/11/14 05:06:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2004/02/11 16:58:16 | 00,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll
MOD - [2001/03/13 10:15:22 | 00,118,876 | ---- | M] (Roland) -- C:\WINDOWS\system32\vscapi.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/10/26 12:39:35 | 02,309,520 | ---- | M] () -- c:\Program Files\Common Files\Akamai\rswin_3600.dll -- (Akamai)
SRV - [2009/06/16 21:42:17 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/02/27 21:52:04 | 00,097,520 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2009/02/27 21:51:18 | 00,363,248 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe -- (RP_FWS)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/05/21 16:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/04/28 06:23:36 | 00,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2008/04/28 06:23:28 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/09/26 13:41:56 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/09/06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/07/29 18:34:38 | 00,117,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.dll -- (usnsvc)
SRV - [2005/10/27 09:34:44 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/08/03 20:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/11/17 23:32:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - [2009/11/02 22:21:31 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\Pcouffin.sys -- (Pcouffin)
DRV - [2009/09/23 07:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/03/25 05:29:52 | 00,130,432 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/25 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/25 04:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/01/05 19:07:27 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/10/23 00:58:36 | 01,391,104 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/09/08 11:35:58 | 00,196,368 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/06/26 12:23:14 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\kl1.sys -- (KL1)
DRV - [2008/05/16 05:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 05:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/25 05:38:22 | 00,071,184 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\system32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2008/04/24 13:02:36 | 00,053,192 | ---- | M] (Radialpoint Inc.) -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT)
DRV - [2008/04/13 13:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/09/15 01:09:44 | 00,213,696 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/04/19 10:36:50 | 00,048,384 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\system32\drivers\rp_pkt32.sys -- (RPPKT)
DRV - [2007/02/20 12:07:56 | 00,005,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/06/18 23:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/11/03 03:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/08/03 20:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/22 13:39:54 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/03/22 13:39:44 | 00,200,192 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/22 13:39:42 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/03/22 13:39:40 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/06 13:07:32 | 00,104,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2004/11/23 12:57:56 | 00,280,192 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/11/23 12:56:40 | 00,034,048 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/11/16 13:30:40 | 00,147,840 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/04/14 07:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/09/19 00:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/10 22:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/06/06 11:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 13:12:20 | 00,060,416 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 13:12:20 | 00,011,008 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/08/17 12:12:22 | 00,010,368 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/04/16 08:16:58 | 00,951,284 | ---- | M] (Roland) -- C:\WINDOWS\system32\drivers\vsc.sys -- (vsc32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.barrie-homes.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/16 21:42:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/16 21:33:34 | 00,000,000 | ---D | M]
[2009/06/16 21:47:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/06/16 21:47:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
O1 HOSTS File: (306675 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 as.adwave.com
O1 - Hosts: 127.0.0.1 sr.adwave.com
O1 - Hosts: 127.0.0.1 www.adwave.com
O1 - Hosts: 127.0.0.1 adwave.com
O1 - Hosts: 127.0.0.1 www.pacimedia.com
O1 - Hosts: 127.0.0.1 www.igetnet.com
O1 - Hosts: 127.0.0.1 code.ignphrases.com
O1 - Hosts: 127.0.0.1 clear-search.com
O1 - Hosts: 127.0.0.1 r1.clrsch.com
O1 - Hosts: 127.0.0.1 sds.clrsch.com
O1 - Hosts: 127.0.0.1 status.clrsch.com
O1 - Hosts: 127.0.0.1 www.clrsch.com
O1 - Hosts: 127.0.0.1 clr-sch.com
O1 - Hosts: 127.0.0.1 sds-qckads.com
O1 - Hosts: 127.0.0.1 status.qckads.com
O1 - Hosts: 127.0.0.1 www.qoolaid.com
O1 - Hosts: 127.0.0.1 www.qoologic.com
O1 - Hosts: 127.0.0.1 www.CLKPrecision.com
O1 - Hosts: 127.0.0.1 www.urllogic.com
O1 - Hosts: 10564 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll (Rogers)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [OPSE reminder] C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RogersServicepointAgent.exe] C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\Vsc32Cnf.exe (Roland)
O4 - HKLM..\Run: [vscvol.exe] C:\Program Files\Roland\VSC32\vscvol.exe (Roland)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [IndexCleaner] C:\Program Files\Rogers Online Protection\Rogers Online Protection\IdxClnR.exe (Rogers)
O4 - HKCU..\RunOnce: [IndexCleaner] C:\Program Files\Rogers Online Protection\Rogers Online Protection\IdxClnR.exe (Rogers)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Outlook\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Outlook\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\\DownloadPDF.exe ()
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: Interealty.com ([]* is out of zone range - 5)
O15 - HKCU\..Trusted Domains: MLXchange.com ([]* is out of zone range - 5)
O15 - HKCU\..Trusted Domains: MLXchange.com ([barrie] http in Trusted sites)
O15 - HKCU\..Trusted Domains: topproducer8i.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} http://barrie.mlxcha...FileCruiser.cab (FileCruiser Class)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} http://barrie.mlxcha...ol/Specfile.cab (Specfile Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.micro...b?1134095294843 (MSSecurityAdvisor Class)
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} http://barrie.mlxcha...ontrol/SISC.cab (SISCtrl Class)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlm.tools.aka...vex-2.2.0.5.cab (DownloadManager Control)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.micr...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} http://barrie.mlxcha...ectComboBox.cab (Interealty MultiSelect)
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} http://us.dl1.yimg.c...ntr_current.cab (WXcom Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety....lscbase3401.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1136857542687 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} http://barrie.mlxcha...ClientUtils.cab (MLXchange Client Utils)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (HouseCall Control)
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} http://barrie.mlxcha...ol/LiteGrid.cab (LiteGridCtl Class)
O16 - DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} http://barrie.mlxcha...IRCWebPrint.cab (IRCWwwPrint Class)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} http://download.zone...canner37390.cab (ICSScanner Class)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://barrie.mlxcha...ol/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} https://www.topprodu...ads/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} http://barrie.mlxcha...trol/WebDog.cab (Cerebus Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} http://barrie.mlxcha...CustomCtrls.cab (DropList Class)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.3.0.cab (DLM Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: PUFLITE http://www.barrie-ho...rol/PUFLITE.CAB (Reg Error: Key error.)
O16 - DPF: TruePass EPF 7,0,100,730 https://blrscr3.egs-...sapplet-epf.cab (Reg Error: Key error.)
O16 - DPF: TruePass EPF 7,0,100,739 https://blrscr3.egs-...sapplet-epf.cab (Reg Error: Key error.)
O16 - DPF: WebConnect Pro 6.5.12 http://wc.harryfox.c...ebConnectDU.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINDOWS\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/28 12:20:48 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{187564bc-cc2f-11db-bece-00904bea1133}\Shell - "" = AutoRun
O33 - MountPoints2\{187564bc-cc2f-11db-bece-00904bea1133}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{187564bc-cc2f-11db-bece-00904bea1133}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/09/28 11:53:50 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2009/11/14 05:06:23 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/14 05:03:43 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/14 04:09:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/11/14 04:09:11 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/14 04:08:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/14 04:08:53 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/14 04:08:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/14 04:07:03 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/11/14 04:04:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/14 04:03:04 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/14 03:59:58 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/11/14 03:57:12 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/11/14 03:44:48 | 00,339,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/11/05 12:53:44 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2009/11/05 12:49:44 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2009/11/05 12:45:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/11/05 12:36:20 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/11/05 12:32:35 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/11/05 12:32:28 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/11/05 12:32:26 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/11/02 22:58:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CopyToDvd
[2009/11/02 22:43:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DVDVideoSoft
[2009/11/02 22:43:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2009/11/02 22:43:30 | 00,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2009/11/02 22:37:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\1ClickDVDCopy
[2009/11/02 22:21:31 | 00,047,360 | ---- | C] (VSO Software) -- C:\WINDOWS\System32\drivers\Pcouffin.sys
[2009/11/02 22:21:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PcSetup
[2009/11/02 22:21:22 | 00,000,000 | ---D | C] -- C:\Program Files\LG Software Innovations
[2009/11/02 22:15:49 | 00,000,000 | ---D | C] -- C:\Program Files\Cute CD DVD Burner
[2009/10/17 17:02:11 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/10/17 12:37:00 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
========== Files - Modified Within 30 Days ==========
[2009/11/14 05:06:29 | 30,223,904 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/11/14 05:06:27 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/14 05:06:26 | 01,376,800 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/11/14 05:04:01 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/14 05:03:50 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/14 05:01:21 | 00,000,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/11/14 04:51:27 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/14 04:47:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/14 04:47:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/14 04:47:05 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/14 04:46:11 | 00,130,028 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/11/14 04:46:09 | 00,405,740 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/11/14 04:45:42 | 11,272,192 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/14 04:45:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/14 04:09:21 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 04:07:44 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2009/11/14 04:03:09 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/11/14 04:03:09 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/11/14 04:00:10 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner\Desktop\erunt_setup.exe
[2009/11/14 03:57:32 | 00,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/14 03:57:31 | 00,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/14 03:57:28 | 00,526,678 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/14 03:57:13 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/11/14 03:44:51 | 00,339,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/11/13 23:52:04 | 71,514,6240 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2009/11/13 23:36:19 | 00,000,066 | ---- | M] () -- C:\WINDOWS\BBW_INFO.INI
[2009/11/13 23:15:08 | 00,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E9834806-95AE-4C9A-BE89-2033424A5102}.job
[2009/11/13 16:00:01 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\{DD9841C2-FF71-4992-9C78-E4A2079B987D}_USER-CB34E5069C_Owner.job
[2009/11/13 16:00:01 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\{0871E114-9034-457F-B776-6F8FB1FB2657}_USER-CB34E5069C_Owner.job
[2009/11/12 06:12:19 | 00,529,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 22:29:38 | 00,002,395 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/11 20:43:57 | 00,002,653 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI
[2009/11/07 17:20:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/06 00:37:55 | 00,001,979 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2009/11/05 15:01:22 | 00,160,861 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\all_statements2009-04-01.zip
[2009/11/05 13:14:07 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/05 12:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/05 11:19:21 | 00,064,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Release Notes for Internet Explorer 8.doc
[2009/11/04 09:00:04 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\{480D9EB6-B594-4880-AF41-CA8CF972227D}_USER-CB34E5069C_Owner.job
[2009/11/02 22:43:40 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DVDVideoSoft Free Studio.lnk
[2009/11/02 22:21:31 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\Pcouffin.sys
[2009/11/02 22:21:29 | 00,001,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1Click DVD Copy 4.2.lnk
[2009/11/02 22:16:07 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Cute CD DVD Burner.lnk
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/10/30 18:35:10 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/22 23:07:06 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/22 13:17:52 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 04:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
========== Files Created - No Company Name ==========
[2009/11/14 05:04:01 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/14 04:09:21 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 04:03:09 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/11/14 04:03:09 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/11/05 15:01:14 | 00,160,861 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\all_statements2009-04-01.zip
[2009/11/05 12:49:53 | 00,000,392 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E9834806-95AE-4C9A-BE89-2033424A5102}.job
[2009/11/05 11:19:20 | 00,064,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Release Notes for Internet Explorer 8.doc
[2009/11/02 22:43:40 | 00,000,892 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DVDVideoSoft Free Studio.lnk
[2009/11/02 22:21:29 | 00,001,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1Click DVD Copy 4.2.lnk
[2009/11/02 22:16:07 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Cute CD DVD Burner.lnk
[2009/10/22 23:07:05 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/22 13:17:52 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/10/22 13:17:52 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/10/17 12:36:54 | 00,000,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/29 11:26:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\WIN.INI
[2009/05/29 11:26:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM.INI
[2009/03/03 11:18:04 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/12/03 07:45:47 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/04/28 00:36:51 | 00,000,059 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2008/03/08 15:13:25 | 00,000,056 | ---- | C] () -- C:\WINDOWS\LiveUpdate.INI
[2008/01/30 21:29:18 | 00,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2007/12/28 13:57:50 | 00,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/12/28 13:06:11 | 00,000,367 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP12.INI
[2007/12/25 12:33:16 | 00,000,332 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP21.INI
[2007/12/25 12:20:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/12/25 12:18:47 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/10/18 10:55:15 | 00,021,942 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft Excel.ADR
[2007/07/12 20:24:31 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\custmon2k.dll
[2007/06/08 16:27:47 | 00,000,022 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI
[2007/06/05 13:10:35 | 00,023,405 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/20 12:07:56 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/01/07 21:15:57 | 00,000,865 | ---- | C] () -- C:\WINDOWS\Common.ini
[2006/09/15 15:29:21 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/07/11 22:05:32 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\mlcrs0ft.dll
[2006/07/05 13:29:15 | 05,300,386 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/04/10 11:17:26 | 00,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2006/04/10 10:58:16 | 00,000,041 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/13 23:29:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2006/01/16 08:58:20 | 00,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2006/01/16 08:57:21 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2006/01/16 08:57:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2006/01/16 08:57:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2006/01/11 22:29:43 | 00,000,032 | ---- | C] () -- C:\WINDOWS\thxcfg.ini
[2006/01/05 18:51:21 | 00,000,050 | ---- | C] () -- C:\WINDOWS\TPDataTransfer.ini
[2006/01/05 18:51:09 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005/12/28 10:31:23 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/12/28 10:31:23 | 00,000,036 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2005/11/09 13:03:09 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/09 13:03:09 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/11/09 07:13:46 | 00,127,608 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/11/09 06:49:18 | 00,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/11/09 06:49:18 | 00,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/11/09 06:48:27 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/11/06 22:17:32 | 00,002,653 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2005/10/06 10:22:26 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/05 14:33:57 | 00,004,419 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2005/09/30 15:25:48 | 00,001,979 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2005/09/30 15:25:46 | 00,001,065 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/09/30 15:25:45 | 00,000,252 | ---- | C] () -- C:\WINDOWS\ADDRBOOK.INI
[2005/09/30 13:43:33 | 00,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/30 13:06:24 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2005/09/30 13:06:24 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2005/09/30 11:05:10 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\N2PUtil.dll
[2005/09/30 11:04:15 | 00,041,472 | ---- | C] () -- C:\WINDOWS\qvphook.dll
[2005/09/28 19:32:51 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2005/09/28 12:18:44 | 00,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/09/28 12:16:26 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/28 12:16:26 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/28 12:16:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/28 12:16:26 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/28 12:16:26 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/28 12:16:26 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/09/28 12:02:56 | 00,033,795 | ---- | C] () -- C:\WINDOWS\System32\pibdpub.dll
[2005/09/28 12:02:56 | 00,031,747 | ---- | C] () -- C:\WINDOWS\System32\hhmepro.dll
[2005/09/28 12:02:56 | 00,026,626 | ---- | C] () -- C:\WINDOWS\System32\ineyuni.dll
[2005/09/28 12:02:56 | 00,020,482 | ---- | C] () -- C:\WINDOWS\System32\elxsinh.dll
[2005/09/28 11:58:47 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2005/09/28 07:38:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/10/26 12:30:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 16:37:04 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\missouri.dll
[2004/08/04 07:00:00 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004571_.tmp.dll
[2004/08/04 07:00:00 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004539_.tmp.dll
[2004/08/04 07:00:00 | 00,002,395 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/12 21:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/14 15:12:10 | 00,000,304 | ---- | C] () -- C:\WINDOWS\dev.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/05 18:51:00 | 00,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002/11/01 16:17:50 | 00,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/08/12 09:19:42 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/08/09 06:18:44 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\pandoras.dll
[2002/07/04 15:05:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/01/08 16:57:34 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/12/14 13:34:46 | 00,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1997/07/10 23:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/10 23:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/10 23:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
========== Alternate Data Streams ==========
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E3D07DE
< End of report >
OTL Extras logfile created on: 11/14/2009 5:07:23 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.48 Mb Total Physical Memory | 324.78 Mb Available Physical Memory | 31.76% Memory free
2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.49% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 34.01 Gb Free Space | 45.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-CB34E5069C
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Outlook\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Outlook\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"9420:TCP" = 9420:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"1736:TCP" = 1736:TCP:*:Enabled:Akamai NetSession Interface
"1614:TCP" = 1614:TCP:*:Enabled:Akamai NetSession Interface
"1154:TCP" = 1154:TCP:*:Enabled:Akamai NetSession Interface
"1621:TCP" = 1621:TCP:*:Enabled:Akamai NetSession Interface
"2876:TCP" = 2876:TCP:*:Enabled:Akamai NetSession Interface
"1579:TCP" = 1579:TCP:*:Enabled:Akamai NetSession Interface
"1687:TCP" = 1687:TCP:*:Enabled:Akamai NetSession Interface
"1098:TCP" = 1098:TCP:*:Enabled:Akamai NetSession Interface
"1987:TCP" = 1987:TCP:*:Enabled:Akamai NetSession Interface
"1720:TCP" = 1720:TCP:*:Enabled:Akamai NetSession Interface
"1740:TCP" = 1740:TCP:*:Enabled:Akamai NetSession Interface
"2554:TCP" = 2554:TCP:*:Enabled:Akamai NetSession Interface
"2691:TCP" = 2691:TCP:*:Enabled:Akamai NetSession Interface
"3746:TCP" = 3746:TCP:*:Enabled:Akamai NetSession Interface
"3998:TCP" = 3998:TCP:*:Enabled:Akamai NetSession Interface
"2432:TCP" = 2432:TCP:*:Enabled:Akamai NetSession Interface
"3477:TCP" = 3477:TCP:*:Enabled:Akamai NetSession Interface
"1756:TCP" = 1756:TCP:*:Enabled:Akamai NetSession Interface
"3964:TCP" = 3964:TCP:*:Enabled:Akamai NetSession Interface
"2158:TCP" = 2158:TCP:*:Enabled:Akamai NetSession Interface
"2319:TCP" = 2319:TCP:*:Enabled:Akamai NetSession Interface
"1722:TCP" = 1722:TCP:*:Enabled:Akamai NetSession Interface
"2791:TCP" = 2791:TCP:*:Enabled:Akamai NetSession Interface
"1120:TCP" = 1120:TCP:*:Enabled:Akamai NetSession Interface
"4443:TCP" = 4443:TCP:*:Enabled:Akamai NetSession Interface
"4392:TCP" = 4392:TCP:*:Enabled:Akamai NetSession Interface
"1708:TCP" = 1708:TCP:*:Enabled:Akamai NetSession Interface
"1187:TCP" = 1187:TCP:*:Enabled:Akamai NetSession Interface
"1177:TCP" = 1177:TCP:*:Enabled:Akamai NetSession Interface
"1186:TCP" = 1186:TCP:*:Enabled:Akamai NetSession Interface
"1415:TCP" = 1415:TCP:*:Enabled:Akamai NetSession Interface
"3010:TCP" = 3010:TCP:*:Enabled:Akamai NetSession Interface
"3394:TCP" = 3394:TCP:*:Enabled:Akamai NetSession Interface
"4589:TCP" = 4589:TCP:*:Enabled:Akamai NetSession Interface
"1410:TCP" = 1410:TCP:*:Enabled:Akamai NetSession Interface
"2328:TCP" = 2328:TCP:*:Enabled:Akamai NetSession Interface
"2787:TCP" = 2787:TCP:*:Enabled:Akamai NetSession Interface
"1916:TCP" = 1916:TCP:*:Enabled:Akamai NetSession Interface
"2100:TCP" = 2100:TCP:*:Enabled:Akamai NetSession Interface
"2370:TCP" = 2370:TCP:*:Enabled:Akamai NetSession Interface
"3101:TCP" = 3101:TCP:*:Enabled:Akamai NetSession Interface
"1456:TCP" = 1456:TCP:*:Enabled:Akamai NetSession Interface
"2082:TCP" = 2082:TCP:*:Enabled:Akamai NetSession Interface
"1563:TCP" = 1563:TCP:*:Enabled:Akamai NetSession Interface
"2620:TCP" = 2620:TCP:*:Enabled:Akamai NetSession Interface
"1334:TCP" = 1334:TCP:*:Enabled:Akamai NetSession Interface
"2108:TCP" = 2108:TCP:*:Enabled:Akamai NetSession Interface
"2577:TCP" = 2577:TCP:*:Enabled:Akamai NetSession Interface
"2889:TCP" = 2889:TCP:*:Enabled:Akamai NetSession Interface
"1185:TCP" = 1185:TCP:*:Enabled:Akamai NetSession Interface
"1753:TCP" = 1753:TCP:*:Enabled:Akamai NetSession Interface
"3119:TCP" = 3119:TCP:*:Enabled:Akamai NetSession Interface
"4192:TCP" = 4192:TCP:*:Enabled:Akamai NetSession Interface
"3657:TCP" = 3657:TCP:*:Enabled:Akamai NetSession Interface
"3692:TCP" = 3692:TCP:*:Enabled:Akamai NetSession Interface
"4190:TCP" = 4190:TCP:*:Enabled:Akamai NetSession Interface
"2118:TCP" = 2118:TCP:*:Enabled:Akamai NetSession Interface
"2642:TCP" = 2642:TCP:*:Enabled:Akamai NetSession Interface
"1111:TCP" = 1111:TCP:*:Enabled:Akamai NetSession Interface
"1885:TCP" = 1885:TCP:*:Enabled:Akamai NetSession Interface
"3066:TCP" = 3066:TCP:*:Enabled:Akamai NetSession Interface
"3198:TCP" = 3198:TCP:*:Enabled:Akamai NetSession Interface
"3525:TCP" = 3525:TCP:*:Enabled:Akamai NetSession Interface
"2234:TCP" = 2234:TCP:*:Enabled:Akamai NetSession Interface
"3011:TCP" = 3011:TCP:*:Enabled:Akamai NetSession Interface
"4250:TCP" = 4250:TCP:*:Enabled:Akamai NetSession Interface
"4462:TCP" = 4462:TCP:*:Enabled:Akamai NetSession Interface
"4908:TCP" = 4908:TCP:*:Enabled:Akamai NetSession Interface
"1902:TCP" = 1902:TCP:*:Enabled:Akamai NetSession Interface
"2535:TCP" = 2535:TCP:*:Enabled:Akamai NetSession Interface
"1620:TCP" = 1620:TCP:*:Enabled:Akamai NetSession Interface
"2559:TCP" = 2559:TCP:*:Enabled:Akamai NetSession Interface
"3791:TCP" = 3791:TCP:*:Enabled:Akamai NetSession Interface
"4085:TCP" = 4085:TCP:*:Enabled:Akamai NetSession Interface
"4552:TCP" = 4552:TCP:*:Enabled:Akamai NetSession Interface
"1929:TCP" = 1929:TCP:*:Enabled:Akamai NetSession Interface
"3515:TCP" = 3515:TCP:*:Enabled:Akamai NetSession Interface
"3531:TCP" = 3531:TCP:*:Enabled:Akamai NetSession Interface
"1867:TCP" = 1867:TCP:*:Enabled:Akamai NetSession Interface
"3894:TCP" = 3894:TCP:*:Enabled:Akamai NetSession Interface
"1705:TCP" = 1705:TCP:*:Enabled:Akamai NetSession Interface
"1148:TCP" = 1148:TCP:*:Enabled:Akamai NetSession Interface
"1540:TCP" = 1540:TCP:*:Enabled:Akamai NetSession Interface
"1654:TCP" = 1654:TCP:*:Enabled:Akamai NetSession Interface
"1960:TCP" = 1960:TCP:*:Enabled:Akamai NetSession Interface
"1961:TCP" = 1961:TCP:*:Enabled:Akamai NetSession Interface
"1586:TCP" = 1586:TCP:*:Enabled:Akamai NetSession Interface
"2484:TCP" = 2484:TCP:*:Enabled:Akamai NetSession Interface
"2915:TCP" = 2915:TCP:*:Enabled:Akamai NetSession Interface
"3218:TCP" = 3218:TCP:*:Enabled:Akamai NetSession Interface
"1426:TCP" = 1426:TCP:*:Enabled:Akamai NetSession Interface
"1491:TCP" = 1491:TCP:*:Enabled:Akamai NetSession Interface
"2550:TCP" = 2550:TCP:*:Enabled:Akamai NetSession Interface
"2611:TCP" = 2611:TCP:*:Enabled:Akamai NetSession Interface
"2428:TCP" = 2428:TCP:*:Enabled:Akamai NetSession Interface
"2774:TCP" = 2774:TCP:*:Enabled:Akamai NetSession Interface
"3452:TCP" = 3452:TCP:*:Enabled:Akamai NetSession Interface
"1129:TCP" = 1129:TCP:*:Enabled:Akamai NetSession Interface
"2597:TCP" = 2597:TCP:*:Enabled:Akamai NetSession Interface
"2738:TCP" = 2738:TCP:*:Enabled:Akamai NetSession Interface
"2977:TCP" = 2977:TCP:*:Enabled:Akamai NetSession Interface
"3688:TCP" = 3688:TCP:*:Enabled:Akamai NetSession Interface
"4782:TCP" = 4782:TCP:*:Enabled:Akamai NetSession Interface
"1058:TCP" = 1058:TCP:*:Enabled:Akamai NetSession Interface
"1675:TCP" = 1675:TCP:*:Enabled:Akamai NetSession Interface
"1957:TCP" = 1957:TCP:*:Enabled:Akamai NetSession Interface
"1731:TCP" = 1731:TCP:*:Enabled:Akamai NetSession Interface
"3038:TCP" = 3038:TCP:*:Enabled:Akamai NetSession Interface
"1233:TCP" = 1233:TCP:*:Enabled:Akamai NetSession Interface
"1210:TCP" = 1210:TCP:*:Enabled:Akamai NetSession Interface
"1075:TCP" = 1075:TCP:*:Enabled:Akamai NetSession Interface
"1277:TCP" = 1277:TCP:*:Enabled:Akamai NetSession Interface
"1076:TCP" = 1076:TCP:*:Enabled:Akamai NetSession Interface
"1100:TCP" = 1100:TCP:*:Enabled:Akamai NetSession Interface
"1074:TCP" = 1074:TCP:*:Enabled:Akamai NetSession Interface
"4607:TCP" = 4607:TCP:*:Enabled:Akamai NetSession Interface
"1087:TCP" = 1087:TCP:*:Enabled:Akamai NetSession Interface
"2280:TCP" = 2280:TCP:*:Enabled:Akamai NetSession Interface
"1080:TCP" = 1080:TCP:*:Enabled:Akamai NetSession Interface
"3074:TCP" = 3074:TCP:*:Enabled:Akamai NetSession Interface
"3128:TCP" = 3128:TCP:*:Enabled:Akamai NetSession Interface
"4001:TCP" = 4001:TCP:*:Enabled:Akamai NetSession Interface
"4515:TCP" = 4515:TCP:*:Enabled:Akamai NetSession Interface
"1082:TCP" = 1082:TCP:*:Enabled:Akamai NetSession Interface
"3487:TCP" = 3487:TCP:*:Enabled:Akamai NetSession Interface
"4765:TCP" = 4765:TCP:*:Enabled:Akamai NetSession Interface
"4994:TCP" = 4994:TCP:*:Enabled:Akamai NetSession Interface
"1056:TCP" = 1056:TCP:*:Enabled:Akamai NetSession Interface
"1253:TCP" = 1253:TCP:*:Enabled:Akamai NetSession Interface
"1079:TCP" = 1079:TCP:*:Enabled:Akamai NetSession Interface
"1744:TCP" = 1744:TCP:*:Enabled:Akamai NetSession Interface
"1049:TCP" = 1049:TCP:*:Enabled:Akamai NetSession Interface
"2489:TCP" = 2489:TCP:*:Enabled:Akamai NetSession Interface
"1099:TCP" = 1099:TCP:*:Enabled:Akamai NetSession Interface
"1729:TCP" = 1729:TCP:*:Enabled:Akamai NetSession Interface
"2199:TCP" = 2199:TCP:*:Enabled:Akamai NetSession Interface
"2447:TCP" = 2447:TCP:*:Enabled:Akamai NetSession Interface
"1081:TCP" = 1081:TCP:*:Enabled:Akamai NetSession Interface
"1446:TCP" = 1446:TCP:*:Enabled:Akamai NetSession Interface
"1767:TCP" = 1767:TCP:*:Enabled:Akamai NetSession Interface
"2084:TCP" = 2084:TCP:*:Enabled:Akamai NetSession Interface
"2398:TCP" = 2398:TCP:*:Enabled:Akamai NetSession Interface
"2890:TCP" = 2890:TCP:*:Enabled:Akamai NetSession Interface
"1073:TCP" = 1073:TCP:*:Enabled:Akamai NetSession Interface
"2434:TCP" = 2434:TCP:*:Enabled:Akamai NetSession Interface
"4134:TCP" = 4134:TCP:*:Enabled:Akamai NetSession Interface
"1091:TCP" = 1091:TCP:*:Enabled:Akamai NetSession Interface
"2848:TCP" = 2848:TCP:*:Enabled:Akamai NetSession Interface
"1397:TCP" = 1397:TCP:*:Enabled:Akamai NetSession Interface
"2372:TCP" = 2372:TCP:*:Enabled:Akamai NetSession Interface
"2687:TCP" = 2687:TCP:*:Enabled:Akamai NetSession Interface
"1372:TCP" = 1372:TCP:*:Enabled:Akamai NetSession Interface
"1441:TCP" = 1441:TCP:*:Enabled:Akamai NetSession Interface
"1103:TCP" = 1103:TCP:*:Enabled:Akamai NetSession Interface
"1693:TCP" = 1693:TCP:*:Enabled:Akamai NetSession Interface
"1105:TCP" = 1105:TCP:*:Enabled:Akamai NetSession Interface
"4815:TCP" = 4815:TCP:*:Enabled:Akamai NetSession Interface
"3076:TCP" = 3076:TCP:*:Enabled:Akamai NetSession Interface
"1114:TCP" = 1114:TCP:*:Enabled:Akamai NetSession Interface
"3811:TCP" = 3811:TCP:*:Enabled:Akamai NetSession Interface
"2383:TCP" = 2383:TCP:*:Enabled:Akamai NetSession Interface
"4036:TCP" = 4036:TCP:*:Enabled:Akamai NetSession Interface
"1065:TCP" = 1065:TCP:*:Enabled:Akamai NetSession Interface
"4406:TCP" = 4406:TCP:*:Enabled:Akamai NetSession Interface
"2868:TCP" = 2868:TCP:*:Enabled:Akamai NetSession Interface
"3025:TCP" = 3025:TCP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{01B93B3A-283F-411B-A648-69CABCACC986}" = Canon MF Drivers
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.7.0.0.mf04
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1B1B3FC3-5D41-42B6-85B1-27223246E438}" = RPS Zip
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F1074A4-B6D4-4C4D-A728-C1EADDB188D9}" = RPS Security Cleanup
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{316CDA1E-4760-4772-94B0-0FFC56D85700}" = RPS CRT
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37E31FCE-A048-4D8C-B167-31891BCF6585}" = muvee autoProducer 3.5 - SE
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AB59D99-F209-4705-96A0-304C53D88958}" = RPS RpsCore
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{426B3380-B8F7-4A69-9838-B1A8237F0B00}" = RPS Burn
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6709A989-F0AC-43E5-9DE8-4100A85715BD}" = RPS Ad Blocker
"{68F129E0-EF23-4CCE-A03F-B2C1A6DC9013}" = Rogers Online Protection
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{6B350CA4-0031-0002-3131-34999AD85AEC}" = InterVideo WinDVD Creator
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5F989B-D61A-48BF-B860-3EB95600155F}" = RPS Firewall
"{72A28FB5-718C-41EC-8956-7A4FEB850A73}" = Top Producer Outlook Connector 2.0
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{78AD4938-7EE6-4DC0-A5BC-3AF82750A617}" = QuickTax Tracker
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8784867F-AA3D-4258-837C-0DC6EBAFDB5E}" = RPS Ksdk
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9242140C-E909-45B4-8315-2A3CC0786FB0}" = PDFill PDF Editor 4.1 with Writer and Tools (Unicode)
"{94570A74-CA05-43A7-9B1E-38142CDDE93B}" = RPS AntiVirus
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{97355297-21C8-40CD-96D3-48E58037A9B8}" = TI1620/1520
"{9743AF47-B746-4324-B4C4-512E67D04370}" = Symantec Technical Support Web Controls
"{97F7C9CE-5C2A-4095-9BC5-3AA6A49F191B}" = RPS Performance Tool
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE68FB75-1887-48E8-95D9-6A2571CBC2EF}" = RPS ParentalControl
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46A290A-AA40-4428-8C80-E4A2E74AEC9D}" = MLX Professional Synchronization Tool
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8D0BC3E-67DF-48A3-ACC9-EEAA8DBFBF29}" = QuickTax 2005
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{C96AA12B-D119-4093-95B3-8AC44D38BED8}" = RPS Privacy Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B5
"{CFAC9887-F0FA-408D-BACE-8009A16C2E0D}" = RPS AntiSpyware
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D5520D44-B1D7-4D38-A9FF-23B0137CC71E}" = RPS AntiFraud
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D71AC256-FA83-45EA-9F14-1B20BB5105C9}" = TIxx21/x515
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD188FB1-263D-4602-9608-7CABFEA6E25F}" = RPS Backup
"{DE39E9CB-637B-45B4-B7D6-4842F3988871}" = RPS App Detector
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E15329B7-99DB-4A2E-A6FC-68699A957264}" = RPS Diagnostic Utility
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F88B38F4-1A34-4F7F-B2F7-9CA78F209BB0}" = RPS PopupBlocker
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAFDA89B-1031-4BDB-8619-DE20CBDEDF32}" = QuickTax 2006
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE50DB8-C610-4C42-BE5C-193F46C6F812}" = Windows Live Messenger
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"1Click DVD Copy_is1" = 1Click DVD Copy 4.2.9.2
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"ACDSee" = ACDSee
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BB_is1" = Band-in-a-Box Font Update
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C" = Data Fax SoftModem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Conexant PCI Audio" = Conexant AC-Link Audio
"Cute CD DVD Burner V6.0" = Cute CD DVD Burner V6.0
"ERUNT_is1" = ERUNT 1.1j
"ExpressRip" = Express Rip
"FinePrint" = FinePrint
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.3
"HijackThis" = HijackThis 1.99.1
"HP Photo Imaging Software" = HP Photo Imaging Software
"HP Photo Printing Software" = HP Photo Printing Software
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{78AD4938-7EE6-4DC0-A5BC-3AF82750A617}" = QuickTax Tracker
"InstallShield_{97355297-21C8-40CD-96D3-48E58037A9B8}" = PCI 1620 Cardbus Controller and Software
"InstallShield_{D71AC256-FA83-45EA-9F14-1B20BB5105C9}" = Texas Instruments PCIxx21/x515 drivers.
"LimeWire" = LimeWire 5.1.3
"Linksys Bi-Admin" = Linksys Bi-Admin
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metacafe" = Metacafe
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MSPUB4" = Microsoft Publisher 97
"Multiple Offers1.0" = OREA Multiple Offers
"Net2Phone_10_0" = Net2Phone/Net2Fax
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"OREA_Courses_Catalog" = OREA Real Estate College Courses Catalog 4.0
"PDFill PDF Writer" = PDFill PDF Writer
"Pixillion" = Pixillion Image Converter
"Print Server Driver" = Print Server Driver
"Prism" = Prism Video Converter
"QVP" = Quick View Plus
"RadialpointClientGateway_is1" = Rogers Servicepoint Agent 2.0.21
"Real Estate Encyclopedia" = Real Estate Encyclopedia
"RealPlayer 6.0" = RealPlayer
"Rogers Yahoo! Applications" = Rogers Yahoo! Applications
"Skype_is1" = Skype 2.5
"SlowBlast!" = SlowBlast!
"Snapshot Viewer" = Snapshot Viewer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Switch" = Switch
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Textbook Edition" = Textbook Edition
"ToolBox" = NCH Toolbox
"TOP PRODUCER 7i Data Transfer Wizard" = TOP PRODUCER 7i Data Transfer Wizard
"TOP PRODUCER Data Transfer Wizard" = TOP PRODUCER Data Transfer Wizard
"Top Producer Editor_is1" = Top Producer Editor
"Uninstall_is1" = Uninstall 1.0.0.1
"VSC32" = Virtual Sound Canvas 3.2
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.8
"Windows Live Safety scanner" = Windows Live Safety scanner
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"wm8eutil" = Windows Media 8 Encoding Utility
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"Quicken Deluxe 99" = Quicken Deluxe 99
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/14/2009 12:49:28 AM | Computer Name = USER-CB34E5069C | Source = VSC32 | ID = 327806
Description = This format is not supported by VSC WAVE device. [This is illegal
frequency]
Error - 11/14/2009 12:49:28 AM | Computer Name = USER-CB34E5069C | Source = VSC32 | ID = 327806
Description = This format is not supported by VSC WAVE device. [This is illegal
frequency]
Error - 11/14/2009 3:23:50 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 11/14/2009 3:24:34 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 11/14/2009 3:25:24 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 11/14/2009 3:26:09 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 11/14/2009 4:24:10 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 11/14/2009 4:24:54 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 11/14/2009 6:01:38 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 11/14/2009 6:02:20 AM | Computer Name = USER-CB34E5069C | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
[ System Events ]
Error - 11/12/2009 7:16:44 AM | Computer Name = USER-CB34E5069C | Source = DCOM | ID = 10010
Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register
with DCOM within the required timeout.
Error - 11/13/2009 7:32:41 AM | Computer Name = USER-CB34E5069C | Source = Print | ID = 23
Description = Printer PageManager PDF Writer,0 failed to initialize because a suitable
PageManager PDF Writer driver could not be found.
Error - 11/13/2009 7:33:34 AM | Computer Name = USER-CB34E5069C | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126
Error - 11/13/2009 7:36:32 AM | Computer Name = USER-CB34E5069C | Source = DCOM | ID = 10010
Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register
with DCOM within the required timeout.
Error - 11/14/2009 4:52:51 AM | Computer Name = USER-CB34E5069C | Source = Print | ID = 23
Description = Printer PageManager PDF Writer,0 failed to initialize because a suitable
PageManager PDF Writer driver could not be found.
Error - 11/14/2009 4:53:46 AM | Computer Name = USER-CB34E5069C | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126
Error - 11/14/2009 4:57:13 AM | Computer Name = USER-CB34E5069C | Source = DCOM | ID = 10010
Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register
with DCOM within the required timeout.
Error - 11/14/2009 5:47:39 AM | Computer Name = USER-CB34E5069C | Source = Print | ID = 23
Description = Printer PageManager PDF Writer,0 failed to initialize because a suitable
PageManager PDF Writer driver could not be found.
Error - 11/14/2009 5:48:43 AM | Computer Name = USER-CB34E5069C | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126
Error - 11/14/2009 5:52:20 AM | Computer Name = USER-CB34E5069C | Source = DCOM | ID = 10010
Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register
with DCOM within the required timeout.
< End of report >