The computer starts normally, but the screen will go blank at seemingly random times. Apparently it is frequently triggered by one of the kids trying to access his Yahoo mail. Sometimes clicking the mail link, sometimes after mail comes up. I also noticed it when accessing data off of a thumb drive I was using. The screen goes blank with different screen colors. I've seen green, yellow, orange, blue, and black. I'm not sure if it's important but it seems like it's worth mentioning.
I went through the recommended virus/malware removal steps recommended on the site, and the Anti-Malware (MBAM) identified and removed 22 infections. The results of the MBAM, Rootkit Scanner (GMER), and OTL scan follow. I'd appreciate any help you could give me. I've also attached the files in case that's easier.
Thanks!
______________________________________________________________________________________________________________
**MBAM LOG
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4531
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/2/2010 11:13:39 AM
mbam-log-2010-09-02 (11-13-39).txt
Scan type: Quick scan
Objects scanned: 152418
Time elapsed: 5 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
___________________________________________________________________________________________________________
**GMER LOG
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-02 14:12:50
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\VETERAN\LOCALS~1\Temp\pwtdypow.sys
---- System - GMER 1.0.15 ----
SSDT 86F65F30 ZwAllocateVirtualMemory
SSDT 86FE17E8 ZwCreateKey
SSDT 86F7FA08 ZwCreateProcess
SSDT 86F7F990 ZwCreateProcessEx
SSDT 86FD65B0 ZwCreateThread
SSDT 86F91198 ZwDeleteKey
SSDT 86FDC158 ZwDeleteValueKey
SSDT 86F65FA8 ZwQueueApcThread
SSDT 86F65E40 ZwReadVirtualMemory
SSDT 86F2F160 ZwRenameKey
SSDT 86FD6448 ZwSetContextThread
SSDT 86FE05D8 ZwSetInformationKey
SSDT 86FD66A0 ZwSetInformationProcess
SSDT 86FD64C0 ZwSetInformationThread
SSDT 86FDC1D0 ZwSetValueKey
SSDT 86FD6628 ZwSuspendProcess
SSDT 86F65020 ZwSuspendThread
SSDT 86FD6718 ZwTerminateProcess
SSDT 86FD6538 ZwTerminateThread
SSDT 86F65EB8 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2C88 80504524 4 Bytes CALL 12D74340
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA9E54A00]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[2036] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450771 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2136] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000169B0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2136] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2136] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00016960 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[2136] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 00016990 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
Device \Driver\Tcpip \Device\Ip 869D3448
Device \Driver\Tcpip \Device\Ip 86A1F020
Device \Driver\Tcpip \Device\Tcp 869D3448
Device \Driver\Tcpip \Device\Tcp 86A1F020
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp 869D3448
Device \Driver\Tcpip \Device\Udp 86A1F020
Device \Driver\Tcpip \Device\RawIp 869D3448
Device \Driver\Tcpip \Device\RawIp 86A1F020
Device \Driver\Tcpip \Device\IPMULTICAST 869D3448
Device \Driver\Tcpip \Device\IPMULTICAST 86A1F020
AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
_____________________________________________________________________________________________________________________
OTL LOG
OTL logfile created on: 9/2/2010 2:37:39 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\VETERAN\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 491.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.46 Gb Total Space | 52.72 Gb Free Space | 77.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JGN0ZC1
Current User Name: VETERAN
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\VETERAN\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\EarthLink 5.0\updatemgr.exe (EarthLink, Inc.)
PRC - C:\WINDOWS\system32\mrtmngr.exe (Marimba Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\VETERAN\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll (Adobe Systems, Inc.)
MOD - C:\Program Files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll (SOS Online Backup)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Ai2sXP) -- C:\WINDOWS\System32\drivers\Ai2sXP.sys (Ai Squared )
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (bvrp_pci) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1
[2008/12/02 06:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Mozilla\Extensions
[2008/12/02 06:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Mozilla\Firefox\Profiles\0viua6ku.default\extensions
[2008/12/02 06:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\VETERAN\Application Data\Mozilla\Firefox\Profiles\0viua6ku.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/02 06:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/02 06:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O1 HOSTS File: ([2010/01/07 13:53:51 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AhIeBho Class) - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 9.1\ahoi\ah_ie_bho.dll (Ai Squared )
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [UpdateMgr.exe] C:\Program Files\EarthLink 5.0\updatemgr.exe (EarthLink, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: adultfriendfinder.com ([profile] https in Trusted sites)
O15 - HKCU\..Trusted Domains: adultfriendfinder.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([us.mg4.mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1159902408703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1159902991781 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\VETERAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\VETERAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eb431ffd-e4af-11dd-9f41-0019b934bbff}\Shell - "" = AutoRun
O33 - MountPoints2\{eb431ffd-e4af-11dd-9f41-0019b934bbff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eb431ffd-e4af-11dd-9f41-0019b934bbff}\Shell\AutoRun\command - "" = E:\DPFMate.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/09/02 14:26:24 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\VETERAN\Desktop\OTL.exe
[2010/09/02 11:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Application Data\Malwarebytes
[2010/09/02 11:06:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/02 11:06:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/02 11:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/02 11:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/02 11:05:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/02 11:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/02 10:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Desktop\Malware removal
[2010/08/31 13:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/31 12:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Application Data\U3
[2010/07/13 16:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\Temp
[2010/07/06 22:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/07/04 20:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/07/04 19:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/07/03 23:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\Apple
[2010/07/03 23:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/07/03 23:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/03 23:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/07/03 23:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/07/03 23:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\Apple Computer
[2010/06/18 22:49:49 | 000,000,000 | ---D | C] -- C:\3f7fbbd9b12a51b4a70acc5371fedbdd
[2010/06/18 21:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/06/18 20:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[1 C:\Documents and Settings\VETERAN\My Documents\*.tmp files -> C:\Documents and Settings\VETERAN\My Documents\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/09/02 14:36:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/02 14:34:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/02 14:34:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/02 14:34:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/02 11:51:58 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EDC264B8-7932-48CD-AF02-4CDEBD5F2469}.job
[2010/09/02 11:49:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VETERAN\Desktop\OTL.exe
[2010/09/02 11:15:53 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\VETERAN\ntuser.dat
[2010/09/02 11:15:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\VETERAN\ntuser.ini
[2010/09/02 11:15:28 | 006,347,184 | -H-- | M] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\IconCache.db
[2010/09/02 11:06:33 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/02 11:04:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/02 11:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/09/02 10:28:55 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\newcover2.doc
[2010/09/02 10:26:41 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\Tom Hanson_mt_modssup.doc
[2010/08/31 22:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/31 12:10:49 | 000,001,650 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L598B8299E0CC46E28CEC5398D61F2518.job
[2010/08/25 12:16:16 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\Chase's.doc
[2010/08/25 12:02:03 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\VETERAN\Desktop\Word.lnk
[2010/08/24 13:58:37 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\faxcovertom.doc
[2010/08/24 13:57:59 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\faxresume.doc
[2010/08/23 22:36:46 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\Desktop\Chase's.doc
[2010/08/23 22:36:20 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\Desktop\Chase.doc
[2010/08/23 21:49:01 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\Tom Hanson_mt_mods.doc
[2010/08/23 21:02:31 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 17:34:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/23 12:44:27 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\VETERAN\My Documents\~$m Hanson_mt_mods.doc
[2010/08/12 03:25:25 | 000,414,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 03:09:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 03:07:26 | 000,552,150 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:07:26 | 000,476,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:07:26 | 000,085,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 10:08:15 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\newcover.doc
[2010/06/30 10:32:35 | 002,083,652 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\amycodmegrad.JPG
[2010/06/30 10:31:09 | 002,083,652 | ---- | M] () -- C:\Documents and Settings\VETERAN\My Documents\odymegrd.JPG
[1 C:\Documents and Settings\VETERAN\My Documents\*.tmp files -> C:\Documents and Settings\VETERAN\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/02 11:06:33 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 12:16:16 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\Chase's.doc
[2010/08/24 13:58:36 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\faxcovertom.doc
[2010/08/24 13:53:04 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\faxresume.doc
[2010/08/23 22:36:46 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\Desktop\Chase's.doc
[2010/08/23 22:35:55 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\VETERAN\Desktop\Chase.doc
[2010/08/23 22:12:10 | 000,002,497 | ---- | C] () -- C:\Documents and Settings\VETERAN\Desktop\Word.lnk
[2010/08/23 17:34:05 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/23 12:44:27 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\VETERAN\My Documents\~$m Hanson_mt_mods.doc
[2010/08/22 19:24:57 | 000,001,650 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_L598B8299E0CC46E28CEC5398D61F2518.job
[2010/07/04 19:59:36 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/04 19:59:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/03 23:20:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/30 10:32:31 | 002,083,652 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\amycodmegrad.JPG
[2010/06/30 10:31:06 | 002,083,652 | ---- | C] () -- C:\Documents and Settings\VETERAN\My Documents\odymegrd.JPG
[2010/06/09 18:04:07 | 005,505,024 | ---- | C] () -- C:\Documents and Settings\VETERAN\ntuser.dat
[2009/11/06 13:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 06:36:43 | 000,000,039 | ---- | C] () -- C:\WINDOWS\updatemgr.INI
[2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/11/22 20:50:01 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\keyfile3.drm
[2008/07/05 08:26:02 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\VETERAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/22 12:48:04 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/10/12 02:11:58 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/10/02 11:12:22 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Earthlink.INI
[2007/10/02 10:48:56 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ERegClnt.INI
[2007/09/28 10:50:30 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/02/09 20:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/01/25 14:25:07 | 000,000,379 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2007/01/25 14:25:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2006/12/19 12:26:50 | 000,000,399 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/12/18 15:49:21 | 000,000,083 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2006/12/18 15:49:18 | 000,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2006/12/18 15:49:18 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2006/12/18 15:49:05 | 000,000,380 | ---- | C] () -- C:\WINDOWS\dcmuser.ini
[2006/12/18 15:39:22 | 000,000,090 | ---- | C] () -- C:\WINDOWS\TestSupp.ini
[2006/11/29 13:16:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/28 09:51:43 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/11/28 09:51:30 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2006/11/28 09:51:30 | 000,000,012 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006/11/28 09:51:30 | 000,000,011 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2006/11/28 09:51:24 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2006/11/28 09:51:24 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2006/11/27 12:49:10 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/11/14 09:15:36 | 000,001,004 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006/09/25 22:19:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/25 22:17:24 | 000,000,263 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/25 21:55:20 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/09/25 21:55:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2006/05/31 17:06:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LDWaveIO.dll
[2006/05/31 17:06:17 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\IsatITC.dll
[2006/05/16 02:25:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:00:29 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2007/06/21 15:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/01/04 19:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2006/12/19 12:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/09/13 18:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Ai Squared
[2006/11/27 16:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Canon
[2008/11/29 17:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/06/21 13:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Leadertech
[2006/11/09 10:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\Nvu
[2007/06/21 14:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\OfficeUpdate12
[2006/12/19 12:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\ScanSoft
[2009/12/21 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\VETERAN\Application Data\W Photo Studio Viewer
[2010/09/02 11:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/09/02 11:51:58 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EDC264B8-7932-48CD-AF02-4CDEBD5F2469}.job
[2010/08/31 12:10:49 | 000,001,650 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_L598B8299E0CC46E28CEC5398D61F2518.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/05 03:53:04 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2007/05/16 20:21:36 | 000,000,206 | ---- | M] () -- C:\CKINFO.TXT
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/09/25 21:56:16 | 000,005,241 | RH-- | M] () -- C:\dell.sdr
[2010/01/05 03:39:26 | 000,001,396 | ---- | M] () -- C:\detestfrag.txt
[2006/10/30 16:20:31 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/27 10:36:30 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009/08/03 21:36:10 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/08/03 21:36:10 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/09/02 14:34:39 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2008/09/12 17:18:55 | 000,000,150 | ---- | M] () -- C:\YServer.txt
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2004/08/11 18:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/06/03 22:29:06 | 000,076,288 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4pi.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/27 10:44:08 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/06/21 13:33:38 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\VETERAN\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/11 18:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\VETERAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2010/09/02 11:49:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VETERAN\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
[2008/07/05 16:12:47 | 000,449,888 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\VETERAN\My Documents\msgr8us.exe
[2008/11/28 20:28:16 | 000,436,800 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\VETERAN\My Documents\msgr9us.exe
[2008/09/19 21:03:07 | 016,302,636 | ---- | M] (PC Camera ) -- C:\Documents and Settings\VETERAN\My Documents\PC_Camera_1043W_070328.exe
[2004/09/22 18:46:04 | 000,819,200 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\VETERAN\My Documents\setup_wm.exe
[2008/08/18 11:52:47 | 164,668,752 | ---- | M] (Ai Squared ) -- C:\Documents and Settings\VETERAN\My Documents\ZT914_KPTV.exe
[1 C:\Documents and Settings\VETERAN\My Documents\*.tmp files -> C:\Documents and Settings\VETERAN\My Documents\*.tmp -> ]
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2004/08/04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2007/06/21 13:33:38 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\VETERAN\Favorites\Desktop.ini
[2010/01/02 18:14:52 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\VETERAN\Favorites\FriendFinder Messenger v4.1.lnk
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/02 14:34:43 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\VETERAN\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %USERPROFILE%\Templates\*.* >
[2004/08/04 06:00:00 | 000,004,570 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\amipro.sam
[2004/08/04 06:00:00 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\excel.xls
[2004/08/04 06:00:00 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\excel4.xls
[2004/08/04 06:00:00 | 000,002,448 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\lotus.wk4
[2004/08/04 06:00:00 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\powerpnt.ppt
[2004/08/04 06:00:00 | 000,000,461 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\presenta.shw
[2004/08/04 06:00:00 | 000,004,017 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\quattro.wb2
[2004/08/04 06:00:00 | 000,000,058 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\sndrec.wav
[2004/08/04 06:00:00 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\winword.doc
[2004/08/04 06:00:00 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\winword2.doc
[2004/08/04 06:00:00 | 000,000,030 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\wordpfct.wpd
[2004/08/04 06:00:00 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\VETERAN\Templates\wordpfct.wpg
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 07:09:24
< End of report >
______________________________________________________________________________________________________________________
OTL EXTRAS
OTL Extras logfile created on: 9/2/2010 2:37:39 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\VETERAN\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 491.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.46 Gb Total Space | 52.72 Gb Free Space | 77.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JGN0ZC1
Current User Name: VETERAN
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{12BE3579-A34B-47BD-A65C-82B1754E71E1}" = D4100
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot AntiVirus with Spy Sweeper
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{27BC537B-086D-42E1-9CB3-9D115FA043BF}" = ScanSoft OmniPage 15.0
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{393711FE-64EB-4DC7-909E-5FB26D1270AA}" = Microsoft Sapi 5.1
"{3972C18C-688F-4312-BE9A-3E065204C33D}" = IBM ViaVoice TTS Runtime v6.610 - UK English
"{3C97C9C5-1AF3-41B0-B61C-185C06C75EE6}" = D4100_Help
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{62AD5F7F-9CFC-4523-AF83-C58F02836635}" = Geek Squad 24 Hour Computer Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8194FEA4-99B6-4CC9-8880-8888FBAB7EA6}" = ZoomText Keyboard
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{838BC0FB-4F8F-47B9-847F-06AE4CCE4181}" = Manual CanoScan LiDE 25
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{942DF6BD-E4F2-4915-B4FB-09C02B71284F}" = NeoSpeech Paul
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9CA018F2-1E0D-4041-9258-6EFBFEF671BF}" = ZoomText 9.1
"{9FAD67A7-3A4E-4754-AAC4-0397F370611D}" = NeoSpeech Kate
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1A6B23C-438E-4D08-B508-4E830CA8F335}" = IBM ViaVoice TTS Runtime v6.610 - US English
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C82E335E-2D1A-49B4-814B-0C60769F0C2A}" = ArcSoft VideoImpression 2
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3E7955D-696A-423C-8D38-FCA8A3094F05}" = Microsoft Sapi5 voices for XP
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DolphinSAM" = Synthesiser Access Manager
"EarthLink 5.0" = EarthLink 5.0
"Earthlink Instant Messenger" = Earthlink Instant Messenger
"EaseReader" = EaseReader
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PageBreeze Free HTML Editor" = PageBreeze Free HTML Editor
"RealPlayer 6.0" = RealPlayer Basic
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Software Update" = Yahoo! Software Update
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/11/2009 7:01:01 PM | Computer Name = JGN0ZC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 11/15/2009 1:22:44 AM | Computer Name = JGN0ZC1 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data
Error - 11/15/2009 1:23:08 AM | Computer Name = JGN0ZC1 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x67922d28.
Error - 11/15/2009 1:23:23 AM | Computer Name = JGN0ZC1 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Error - 11/16/2009 5:25:32 AM | Computer Name = JGN0ZC1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.
Error - 11/16/2009 5:48:50 AM | Computer Name = JGN0ZC1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.
Error - 11/17/2009 7:24:57 AM | Computer Name = JGN0ZC1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.
Error - 11/17/2009 7:50:54 AM | Computer Name = JGN0ZC1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.
Error - 11/18/2009 7:00:39 PM | Computer Name = JGN0ZC1 | Source = Application Hang | ID = 1002
Description = Hanging application Nss.exe, version 2.6.0.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 11/18/2009 8:47:53 PM | Computer Name = JGN0ZC1 | Source = Application Error | ID = 1000
Description = Faulting application fulltiltpoker.exe, version 0.0.0.0, faulting
module qtwebkit4.dll, version 4.5.2.0, fault address 0x0002426d.
[ System Events ]
Error - 9/2/2010 11:45:16 AM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747
Error - 9/2/2010 11:46:40 AM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7022
Description = The Webroot Spy Sweeper Engine service hung on starting.
Error - 9/2/2010 2:16:23 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747
Error - 9/2/2010 2:17:46 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7022
Description = The Webroot Spy Sweeper Engine service hung on starting.
Error - 9/2/2010 2:20:51 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747
Error - 9/2/2010 2:22:15 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7022
Description = The Webroot Spy Sweeper Engine service hung on starting.
Error - 9/2/2010 2:24:06 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747
Error - 9/2/2010 2:25:30 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7022
Description = The Webroot Spy Sweeper Engine service hung on starting.
Error - 9/2/2010 2:34:58 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747
Error - 9/2/2010 2:36:22 PM | Computer Name = JGN0ZC1 | Source = Service Control Manager | ID = 7022
Description = The Webroot Spy Sweeper Engine service hung on starting.
< End of report >
________________________________________________________________________________________________________________