I ran all the programs suggested and it is better. I also used the registry mechanic on the registry. However, I am still worried there is malware on this PC. Following are all the logs. If someone has time to analyse them and see what needs removing, I would greatly appreciate it:
Mbam log:
Malwarebytes' Anti-Malware 1.41
Database version: 3219
Windows 5.1.2600 Service Pack 3
11/23/2009 2:23:18 PM
mbam-log-2009-11-23 (14-23-18).txt
Scan type: Quick Scan
Objects scanned: 137975
Time elapsed: 7 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
rootrepeal log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/23 20:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: 2c780bda.sys
Image Path: C:\WINDOWS\System32\Drivers\2c780bda.sys
Address: 0xAF690000 Size: 143744 File Visible: No Signed: -
Status: -
Name: ab07cd40.sys
Image Path: C:\WINDOWS\System32\Drivers\ab07cd40.sys
Address: 0xAF603000 Size: 574976 File Visible: No Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB051C000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79C1000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAF45B000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0661cb0
#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb06619c0
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0661b40
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb06625b0
#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0662230
#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0662f10
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0661e00
#: 116 Function Name: NtOpenFile
Status: Hooked by "kl1.sys" at address 0xf7863000
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\PCSecurityShield\BitDefender 2009\bdselfpr.sys" at address 0xb0218c90
#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0662400
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\Program Files\PCSecurityShield\BitDefender 2009\bdselfpr.sys" at address 0xb0218d7e
#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0662bc0
#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0662ec0
#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0663230
#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0663ae0
#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb06672a0
#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb065fa30
#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0662e70
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\PCSecurityShield\BitDefender 2009\bdselfpr.sys" at address 0xb0218bf4
#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\PCSecurityShield\BitDefender 2009\bdselfpr.sys" at address 0xb0218ec4
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\drivers\klif.sys" at address 0xb0661cd0
==EOF==
OTL LOG:
OTL logfile created on: 11/23/2009 8:21:26 PM - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Owner\Desktop\Brother David
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.45% Memory free
2.21 Gb Paging File | 1.83 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.09 Gb Total Space | 52.34 Gb Free Space | 76.87% Space Free | Partition Type: NTFS
Drive D: | 6.42 Gb Total Space | 2.34 Gb Free Space | 36.39% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-LK4RLMSU41
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/23 20:20:01 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Brother David\OTL.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/14 09:56:27 | 00,413,696 | ---- | M] (PCSecurityShield) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/07/14 09:56:20 | 01,626,112 | ---- | M] (PCSecurityShield) -- C:\Program Files\PCSecurityShield\BitDefender 2009\vsserv.exe
PRC - [2009/07/14 09:53:53 | 00,438,272 | ---- | M] () -- C:\Program Files\PCSecurityShield\BitDefender 2009\seccenter.exe
PRC - [2009/07/14 09:53:15 | 00,778,240 | ---- | M] (PCSecurityShield) -- C:\Program Files\PCSecurityShield\BitDefender 2009\bdagent.exe
PRC - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/02/02 15:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2004/08/20 14:51:14 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2003/07/24 02:03:27 | 00,016,384 | ---- | M] () -- C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
PRC - [2003/03/21 16:52:06 | 00,552,960 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
PRC - [2003/02/24 17:51:14 | 00,053,248 | ---- | M] (TODO: <Company name>) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
PRC - [2003/02/21 03:07:06 | 00,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2003/02/21 02:50:10 | 00,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [1998/05/07 15:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe
========== Modules (SafeList) ==========
MOD - [2009/11/23 20:20:01 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Brother David\OTL.exe
MOD - [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 16:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2003/07/24 02:03:27 | 00,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide4.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/08 07:46:09 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/07/14 09:56:27 | 00,413,696 | ---- | M] (PCSecurityShield) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/07/14 09:56:20 | 01,626,112 | ---- | M] (PCSecurityShield) -- C:\Program Files\PCSecurityShield\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2009/07/14 09:51:13 | 00,323,584 | ---- | M] (PCSecurityShield) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2008/11/09 12:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/07/17 11:06:56 | 00,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/08/23 13:16:26 | 00,200,768 | ---- | M] (PCSecurityShield) -- C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe -- (AVP)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2003/05/02 22:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/02/21 03:07:06 | 00,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/11 14:31:26 | 00,000,000 | ---D | M]
[2009/06/11 14:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/06/11 14:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (The Shield Deluxe 2009 Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\PCSecurityShield\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe (PCSecurityShield)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\PCSecurityShield\BitDefender 2009\bdagent.exe (PCSecurityShield)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\PCSecurityShield\BitDefender 2009\IEShow.exe (The Shield Deluxe 2009 )
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (interMute, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll (PCSecurityShield)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s2.work4sur...ge/w4sgeen9.exe (Reg Error: Key error.)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} https://us.dl1.yimg....nst20040510.cab (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/24 00:29:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6ec66b7b-b417-11de-955a-00402b793ad3}\Shell - "" = AutoRun
O33 - MountPoints2\{6ec66b7b-b417-11de-955a-00402b793ad3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ec66b7b-b417-11de-955a-00402b793ad3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ed7c6639-9c87-11de-9524-00402b793ad3}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/06/05 17:10:37 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892114965102592)
========== Files/Folders - Created Within 14 Days ==========
[2009/11/23 14:15:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/11/23 14:15:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/23 14:15:15 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/23 14:15:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/23 14:15:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/23 14:12:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/23 14:11:59 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/22 14:02:47 | 00,000,000 | ---D | C] -- C:\Program Files\Finale NotePad 2008
[2009/11/13 08:51:53 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/13 08:51:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/13 08:51:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
========== Files - Modified Within 14 Days ==========
[2009/11/23 20:22:36 | 25,235,488 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/11/23 20:22:34 | 01,698,336 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/11/23 20:21:18 | 03,932,160 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/23 20:10:10 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/23 19:20:59 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{42DFBE74-20AC-4D0C-9FAE-E93F3DDC92FE}.job
[2009/11/23 19:17:18 | 00,000,450 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/11/23 16:16:13 | 00,001,456 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/11/23 16:13:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/23 16:13:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/23 16:13:24 | 21,380,95616 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/23 16:12:51 | 00,294,188 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/11/23 16:12:51 | 00,159,332 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/11/23 16:12:48 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/11/23 16:12:46 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/23 15:55:34 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Owner\ntuser.dat.rmbak
[2009/11/23 15:20:33 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2009/11/23 14:08:30 | 00,471,444 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/23 14:08:30 | 00,402,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/23 14:08:30 | 00,063,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/22 14:16:35 | 06,925,388 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/11/22 13:30:32 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/16 14:11:39 | 00,011,488 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Youth North Region.docx
[2009/11/12 09:02:49 | 00,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 10:07:25 | 00,010,548 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Testimony Questions.docx
========== Files Created - No Company Name ==========
[2009/11/23 20:10:10 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/23 15:20:33 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/11/16 14:11:39 | 00,011,488 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Youth North Region.docx
[2009/09/08 07:50:08 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2009/09/08 07:50:03 | 00,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2009/09/08 07:49:58 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2009/09/08 07:49:57 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/06/29 05:59:04 | 00,081,928 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/22 11:02:55 | 00,002,301 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/06/18 07:52:50 | 00,000,533 | ---- | C] () -- C:\WINDOWS\PSDCWIN.INI
[2009/06/18 07:52:50 | 00,000,525 | ---- | C] () -- C:\WINDOWS\PSDWIN.INI
[2009/06/05 19:21:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2008/10/09 14:31:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/01/31 12:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2003/08/26 07:40:37 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2003/08/26 07:40:37 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2003/08/26 07:40:24 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2003/08/26 07:40:24 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2003/08/26 07:40:23 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2003/08/26 07:40:18 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2003/08/26 07:40:09 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2003/08/26 07:40:00 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2003/08/26 07:39:59 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2003/08/26 07:39:49 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2003/08/26 07:04:45 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2003/08/26 07:04:36 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2003/08/26 07:02:33 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2003/08/26 07:02:33 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2003/08/26 07:02:33 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2003/08/26 07:02:33 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2003/08/26 07:02:33 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2003/08/26 07:02:33 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2003/08/26 07:02:33 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2003/08/26 07:02:33 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2003/08/26 07:02:33 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2003/08/26 07:02:33 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2003/07/26 02:17:16 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/26 00:57:44 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/07/24 02:10:43 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/07/24 02:10:24 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/07/24 02:10:24 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/07/24 02:05:31 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/07/24 02:02:11 | 00,025,438 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/07/24 02:01:47 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/07/24 02:01:15 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/07/24 01:47:54 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/07/24 01:47:40 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/07/24 01:19:54 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/07/24 00:52:31 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/24 00:50:43 | 06,925,388 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2003/07/24 00:44:55 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/07/24 00:44:55 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/07/24 00:44:37 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/07/24 00:32:33 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/07/24 00:31:54 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2003/07/24 00:29:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2003/07/24 00:26:33 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2003/07/24 00:26:33 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2003/07/24 00:25:42 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2003/07/24 00:25:41 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2003/07/24 00:18:12 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/07/24 00:17:53 | 00,000,487 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/24 00:17:49 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2003/07/24 00:17:49 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/07/24 00:17:44 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2003/07/24 00:17:42 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2003/07/24 00:17:42 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2003/07/24 00:17:42 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2003/07/24 00:17:42 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2003/07/24 00:17:42 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2003/07/24 00:17:42 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2003/07/24 00:17:34 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2003/07/24 00:17:27 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2003/07/24 00:17:14 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2003/07/23 21:46:21 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/07/23 21:46:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/07/23 17:22:13 | 00,471,444 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2003/07/23 17:22:12 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/07/23 17:21:54 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/06/23 17:27:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/12/12 06:14:32 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2002/12/12 06:14:32 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2002/12/12 06:14:32 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2002/12/12 06:14:32 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2002/12/12 06:14:32 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2002/12/12 06:14:32 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2002/12/12 06:14:32 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2002/12/12 06:14:32 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2002/12/12 06:14:32 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2002/12/12 06:14:32 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2002/11/26 13:15:52 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2002/11/26 13:15:50 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2002/05/24 07:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 07:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/08/17 21:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
========== LOP Check ==========
[2009/09/08 07:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/07/14 09:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2003/07/23 17:21:54 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/06/24 07:47:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/11/23 14:34:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/07/02 08:53:29 | 00,002,301 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/23 14:15:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/23 15:42:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/09/24 08:42:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2003/07/24 02:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2009/07/14 07:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSecurityShield
[2003/07/24 00:33:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/06/15 13:20:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/11/23 16:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/24 07:49:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2009/08/06 14:29:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/09/30 07:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/06/15 10:36:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/09/13 11:58:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/09/09 11:31:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2009/06/25 11:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2009/07/14 08:55:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitDefender
[2003/07/23 17:21:54 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2009/07/15 07:01:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/11/22 14:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GNU Solfege
[2009/06/22 13:16:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2009/10/11 14:00:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2009/09/08 13:50:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HorizonWimba
[2009/06/24 07:48:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HP
[2003/07/24 00:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2003/07/26 00:57:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2009/07/22 09:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2009/06/23 13:08:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2009/06/11 14:35:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2009/11/23 14:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/08/30 19:00:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2009/06/22 10:49:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Motive
[2009/06/11 14:35:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2009/09/09 10:48:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2009/09/06 11:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Real
[2003/07/24 02:02:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/10/11 12:12:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sibelius Software
[2009/06/05 19:38:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sonic
[2009/06/11 14:30:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2003/07/26 00:54:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Symantec
[2009/10/21 12:38:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2009/06/15 10:36:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
[2002/08/29 11:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/23 16:13:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/23 19:20:59 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{42DFBE74-20AC-4D0C-9FAE-E93F3DDC92FE}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/07/17 11:06:54 | 00,001,536 | ---- | M] () MD5=CAA9BBBE220DDB97B81FAC66321B513B -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002/08/29 04:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
< %SYSTEMDRIVE%\viamraid.sys /s /md5 >
< %SYSTEMDRIVE%\nvata.sys /s /md5 >
< %SYSTEMDRIVE%\nvgts.sys /s /md5 >
< %SYSTEMDRIVE%\iastorv.sys /s /md5 >
< %SYSTEMDRIVE%\ViPrt.sys /s /md5 >
========== Alternate Data Streams ==========
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
Extras log:
OTL Extras logfile created on: 11/23/2009 8:21:26 PM - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Owner\Desktop\Brother David
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.45% Memory free
2.21 Gb Paging File | 1.83 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.09 Gb Total Space | 52.34 Gb Free Space | 76.87% Space Free | Partition Type: NTFS
Drive D: | 6.42 Gb Total Space | 2.34 Gb Free Space | 36.39% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-LK4RLMSU41
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe" = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Enabled:BackWeb-1940576 -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F9D88C-3C86-4E82-840A-101A3221F67A}" = Microsoft Money 2003
"{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
"{0451FD8E-D80E-4BA6-AE02-EBE80A059CB0}" = Sibelius Scorch (ActiveX Only)
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 17
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{483616D1-867E-46F8-BEC7-3C6475933908}" = Adobe Photoshop Album Starter Edition
"{4FCC384C-18EA-4E25-9281-A06AE006D219}" = Weblink
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D4B8C119-00F2-4C9D-A669-9AE3EA4A1641}" = The Shield Deluxe 2009
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"26DC0ED6-93A7-43C1-8DC5-EC16079580F9" = Orbital from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce from Compaq (remove only)
"2FDCC229-354D-4279-ABEF-CE17E355BFFA" = Five Card Frenzy from Compaq (remove only)
"33A16A26-1533-4016-AE2D-89D6398D7EB2" = Blackhawk Striker from Compaq (remove only)
"350CC34B-2B8E-4EE5-AE4D-F04FDF37DC39" = Blasterball 2 from Compaq (remove only)
"623398D3-0B1E-4A63-A019-9BA8E77962AD" = Honeycombs from Compaq (remove only)
"75443238-3575-492C-9122-6A88DC3A2B75" = STX from Compaq (remove only)
"8567FC11-B0BF-49CD-9EF0-959413FA103D" = Slyder from Compaq (remove only)
"8A225900-C06D-41DD-B66C-43840D472758" = Otto from Compaq (remove only)
"99C981FF-0F90-4259-B2A6-D3B1A1589A0A" = Cannonballs from Compaq (remove only)
"9A8CE71F-71D5-4555-B355-85481DC99B80" = Excavation from Compaq (remove only)
"A6A08018-6E8D-44BA-B964-8235A0B34985" = Mars Rover from Compaq (remove only)
"AD0E57E8-ABB1-4BF6-9AFF-0C7DDA1710CD" = GemMaster 3 from Compaq (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Audio Record Wizard 4_is1" = Audio Record Wizard v4.0.1
"BackWeb-1940576 Uninstaller" = Compaq Connections
"EEDAA297-DFDF-436A-B977-D95EA63C907D" = Virtual Warfare from Compaq (remove only)
"ERUNT_is1" = ERUNT 1.1j
"Finale NotePad 2008" = Finale NotePad 2008
"GNU Solfege_is1" = GNU Solfege 3.14.9
"Homestead SiteBuilder" = Homestead SiteBuilder
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"Instant Support" = Instant Support
"Java Web Start" = Java Web Start
"LimeWire" = LimeWire 5.1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Membership Plus 9.0" = Membership Plus 9.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Gart Driver" = NVIDIA Gart Driver
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"Registry Mechanic_is1" = Registry Mechanic 8.0
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"Shop for HP Supplies" = Shop for HP Supplies
"SpamSubtract" = SpamSubtract
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/6/2009 3:30:51 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 9.0.0.4503, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/6/2009 3:32:29 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 6.0.11.853, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/6/2009 3:33:09 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 6.0.11.853, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/6/2009 3:34:14 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 6.0.11.853, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/9/2009 11:51:59 AM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/13/2009 9:17:45 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 110.0.180.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000369da.
Error - 9/18/2009 1:12:02 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 110.0.180.0, faulting module
hpqcpta.dll, version 10.0.0.202, fault address 0x000046a9.
Error - 9/21/2009 6:40:32 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/23/2009 9:19:48 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x629148c4.
Error - 9/24/2009 12:38:33 PM | Computer Name = YOUR-LK4RLMSU41 | Source = MsiInstaller | ID = 11925
Description = Product: Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office
programs -- Error 1925. You do not have sufficient privileges to complete this
installation for all users of the machine. Log on as administrator and then retry
this installation.
[ System Events ]
Error - 11/23/2009 7:25:41 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 11/23/2009 7:25:41 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 11/23/2009 7:35:10 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
Error - 11/23/2009 7:36:33 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.
Error - 11/23/2009 7:56:30 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
Error - 11/23/2009 7:57:55 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.
Error - 11/23/2009 8:03:19 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
Error - 11/23/2009 8:04:42 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.
Error - 11/23/2009 8:13:41 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
Error - 11/23/2009 8:15:03 PM | Computer Name = YOUR-LK4RLMSU41 | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.
< End of report >