OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\All Users\Documents\cleaning
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 7.02 Gb Free Space | 18.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: 600M
Current User Name: Jerry Hopping
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\All Users\Documents\cleaning\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe (Dantz Development Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\All Users\Documents\cleaning\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AOL ACS) -- C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe File not found
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (RetroExp Helper) -- C:\Program Files\Dantz\Retrospect Express HD\rthlpsvc.exe (Dantz Development Corporation)
SRV - (RetroExpLauncher) -- C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe (Dantz Development Corporation)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
========== Driver Services (SafeList) ==========
DRV - (PalmUSBD) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys File not found
DRV - (iAimTV2) -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100901.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100901.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (61883) -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (OZSCR) -- C:\WINDOWS\SYSTEM32\DRIVERS\ozscr.sys (O2Micro)
DRV - (O2SCBUS) -- C:\WINDOWS\SYSTEM32\DRIVERS\ozscr.sys (O2Micro)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (Afc) -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys (Arcsoft, Inc.)
DRV - (PCLEPCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (MXOPSWD) -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys (Maxtor Corp.)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (TPkd) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (tfsnudfa) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys (Sonic Solutions)
DRV - (BCM43XX) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS (Broadcom Corporation)
DRV - (b57w2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (P1130VID) -- C:\WINDOWS\SYSTEM32\DRIVERS\P1130Vid.sys (Creative Technology Ltd.)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\STAC97.sys (SigmaTel, Inc.)
DRV - (MaxtorFrontPanel1) -- C:\WINDOWS\SYSTEM32\DRIVERS\mxofwfp.sys (Maxtor Corp.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (gv3) -- C:\WINDOWS\SYSTEM32\DRIVERS\gv3.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,search page = http://www.Google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start page = http://www.Google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2002/08/29 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOLold\ACS\AOLDial.exe (America Online)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89C30F0F8BD011D2.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: realestateexpress.com ([www] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} http://download.side...00719/sb028.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1179191521757 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} http://h30155.www3.h...edsolutions.cab (HPObjectInstaller Class)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.app.../ITDetector.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.109 213.109.73.42 1.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jerry Hopping\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jerry Hopping\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/06 17:54:41 | 000,000,102 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/03 08:08:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.LTS -- [ NTFS ]
O33 - MountPoints2\{06570942-ff1c-11db-ae23-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{06570942-ff1c-11db-ae23-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{06570942-ff1c-11db-ae23-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{06570943-ff1c-11db-ae23-00038a000015}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{2ca8dd63-b247-11dc-ae66-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{2ca8dd63-b247-11dc-ae66-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41478e20-ceb3-11dd-aee4-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{41478e20-ceb3-11dd-aee4-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41478e20-ceb3-11dd-aee4-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.PIM1 - pclepim1.dll File not found
Unable to start service SrService!
========== Files/Folders - Created Within 90 Days ==========
[2010/09/02 19:40:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/02 19:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/02 19:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\cleaning
[2010/09/02 19:24:37 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\All Users\Documents\erunt-setup.exe
[2010/09/02 17:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/02 17:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry Hopping\Local Settings\Application Data\CutePDF Writer
[2010/09/02 17:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2010/09/02 17:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2010/09/02 16:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry Hopping\Application Data\PrimoPDF
[2010/09/02 16:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2010/09/02 13:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry Hopping\Desktop\Warranty Deeds
[2010/09/02 11:17:21 | 000,000,000 | ---D | C] -- C:\PropertyBoss Data
[2010/09/02 11:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\PropertyBoss
[2010/09/02 10:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/09/01 21:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Take Note
[2010/09/01 20:54:00 | 000,000,000 | ---D | C] -- C:\Versalsoft
[2010/09/01 20:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Versalsoft
[2010/09/01 20:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Universal
[2010/09/01 19:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/09/01 19:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry Hopping\Application Data\Google
[2010/09/01 19:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/09/01 19:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry Hopping\Local Settings\Application Data\Google
[2010/09/01 19:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/09/01 19:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/08/11 15:43:13 | 001,820,160 | ---- | C] (Debenu Pty Ltd) -- C:\WINDOWS\System32\QuickPDFAX0716.dll
[2010/08/11 15:43:09 | 001,241,202 | ---- | C] (Payment Processing Inc.) -- C:\WINDOWS\System32\PayGateway.dll
[2010/08/11 15:43:09 | 000,032,768 | ---- | C] (ut) -- C:\WINDOWS\System32\SendPmt.dll
[2010/08/11 15:43:07 | 000,741,376 | ---- | C] (EaseWe software Http://www.ftpocx.com Email:[email protected]) -- C:\WINDOWS\System32\EaseWeFtp.ocx
[2010/08/11 15:43:07 | 000,700,416 | ---- | C] ( GdPicture) -- C:\WINDOWS\System32\gdpicturepro.ocx
[2010/08/11 15:43:06 | 000,327,680 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartZip.dll
[2010/08/11 15:43:06 | 000,221,184 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartSock.dll
[2010/08/11 15:43:06 | 000,147,456 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartUtil.dll
[2010/08/11 15:43:05 | 000,438,272 | ---- | C] (Dart Communications) -- C:\WINDOWS\System32\DartMail.dll
[2010/08/11 15:43:04 | 005,283,840 | ---- | C] (Synergration, Inc.) -- C:\WINDOWS\System32\CoreObjX50.dll
[1 C:\Documents and Settings\Jerry Hopping\My Documents\*.tmp files -> C:\Documents and Settings\Jerry Hopping\My Documents\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/09/02 23:31:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/02 19:38:23 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Desktop\NTREGOPT.lnk
[2010/09/02 19:38:23 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Desktop\ERUNT.lnk
[2010/09/02 19:31:13 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/02 19:30:33 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/09/02 19:28:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/02 19:28:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/09/02 19:26:26 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Jerry Hopping\NTUSER.DAT
[2010/09/02 19:26:20 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jerry Hopping\NTUSER.INI
[2010/09/02 19:24:38 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\All Users\Documents\erunt-setup.exe
[2010/09/02 17:08:37 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Desktop\HijackThis.lnk
[2010/09/02 16:33:19 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Desktop\STL Maris MLS.url
[2010/09/02 12:32:01 | 000,000,726 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/09/02 11:18:03 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PropertyBoss.lnk
[2010/09/02 10:52:30 | 000,002,116 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Desktop\s Quick Connect.lnk
[2010/09/01 22:59:33 | 007,886,336 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Desktop\setup.msi
[2010/09/01 13:23:30 | 000,200,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/01 00:37:12 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/01 00:32:09 | 000,541,842 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/01 00:32:09 | 000,471,862 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/09/01 00:32:09 | 000,079,878 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/08/11 22:38:02 | 000,741,376 | ---- | M] (EaseWe software Http://www.ftpocx.com Email:[email protected]) -- C:\WINDOWS\System32\EaseWeFtp.ocx
[2010/06/25 08:17:20 | 000,079,360 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\My Documents\JH outlook exported data old buss 6-2010.xls
[2010/06/25 08:17:20 | 000,000,622 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/06/25 08:17:11 | 000,038,501 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Application Data\Microsoft Excel.ADR
[2010/06/25 08:16:23 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\My Documents\JH outlook exported data prts 6-2010.xls
[2010/06/25 08:15:32 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\My Documents\JH outlook exported data pdg 6-2010.xls
[2010/06/25 08:14:29 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\My Documents\JH outlook exported datachem 6-2010.xls
[2010/06/25 08:10:47 | 000,162,816 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\My Documents\JH outlook exported data 6-2010.xls
[2010/06/25 08:07:48 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[1 C:\Documents and Settings\Jerry Hopping\My Documents\*.tmp files -> C:\Documents and Settings\Jerry Hopping\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/02 19:38:23 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jerry Hopping\Desktop\NTREGOPT.lnk
[2010/09/02 19:38:23 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jerry Hopping\Desktop\ERUNT.lnk
[2010/09/02 17:08:37 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Jerry Hopping\Desktop\HijackThis.lnk
[2010/09/02 17:02:59 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/09/02 16:02:36 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/09/02 11:18:03 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PropertyBoss.lnk
[2010/09/02 10:52:30 | 000,002,116 | ---- | C] () -- C:\Documents and Settings\Jerry Hopping\Desktop\s Quick Connect.lnk
[2010/09/01 19:26:02 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/01 19:26:01 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/11 15:43:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\TestCOM.dll
[2010/08/11 15:43:04 | 000,015,819 | R--- | C] () -- C:\WINDOWS\System32\VSPELLER.HLP
[2010/08/11 15:43:04 | 000,000,380 | R--- | C] () -- C:\WINDOWS\System32\VS.lic
[2010/08/11 15:43:03 | 000,264,288 | R--- | C] () -- C:\WINDOWS\System32\AMERICAN.vtd
[2010/06/25 08:17:09 | 000,079,360 | ---- | C] () -- C:\Documents and Settings\Jerry Hopping\My Documents\JH outlook exported data old buss 6-2010.xls
[2010/06/25 08:16:10 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\Jerry Hopping\My Documents\JH outlook exported data prts 6-2010.xls
[2010/06/25 08:15:19 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Jerry Hopping\My Documents\JH outlook exported data pdg 6-2010.xls
[2010/06/25 08:14:16 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Jerry Hopping\My Documents\JH outlook exported datachem 6-2010.xls
[2010/06/25 08:10:25 | 000,038,501 | ---- | C] () -- C:\Documents and Settings\Jerry Hopping\Application Data\Microsoft Excel.ADR
[2010/06/25 08:10:03 | 000,162,816 | ---- | C] () -- C:\Documents and Settings\Jerry Hopping\My Documents\JH outlook exported data 6-2010.xls
[2010/02/14 18:44:56 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
[2009/01/10 15:30:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/06/20 22:45:57 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\DRM
[2008/03/30 15:33:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/10/14 01:30:34 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/10/14 01:30:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DVResampleru.dll
[2007/09/10 21:58:56 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/10 12:18:59 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Jerry Hopping\Application Data\$_hpcst$.hpc
[2007/02/16 14:19:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/21 22:15:29 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/11/17 12:34:40 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/06/20 12:08:19 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/04/21 07:55:58 | 000,006,109 | ---- | C] () -- C:\Documents and Settings\Jerry Hopping\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/04/21 07:55:57 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/01/07 12:42:32 | 000,000,031 | ---- | C] () -- C:\WINDOWS\tyvplay.INI
[2005/11/10 17:49:17 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2005/10/06 22:10:52 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2005/10/06 18:17:10 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2005/10/06 17:54:40 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2005/10/06 17:54:40 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2005/10/06 17:54:40 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2005/10/06 17:54:40 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2005/10/06 17:54:40 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2005/03/26 22:23:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2004/12/20 18:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/11/29 22:29:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Jerry Hopping\Local Settings\Application Data\fusioncache.dat
[2004/10/28 14:02:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/08/04 11:30:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/07/29 11:16:29 | 000,029,604 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/07/25 12:41:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5u.DLL
[2004/05/29 10:28:05 | 000,000,073 | ---- | C] () -- C:\WINDOWS\eFaxView.ini
[2004/05/01 21:29:15 | 000,110,080 | ---- | C] () -- C:\Documents and Settings\Jerry Hopping\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/14 18:14:45 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/04/03 08:08:29 | 000,000,121 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2004/04/03 08:08:28 | 000,000,923 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2004/04/03 08:08:24 | 000,000,562 | ---- | C] () -- C:\WINDOWS\123MM.INI
[2004/04/03 08:08:24 | 000,000,478 | ---- | C] () -- C:\WINDOWS\LODBF04.INI
[2004/04/03 08:08:23 | 000,005,130 | ---- | C] () -- C:\WINDOWS\STXR30.INI
[2004/04/03 08:08:21 | 000,013,252 | ---- | C] () -- C:\WINDOWS\123R5MM.INI
[2004/03/23 12:03:19 | 000,002,305 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/03/17 10:36:39 | 000,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/03/17 09:42:41 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2004/03/16 23:43:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\MSMAIL32.INI
[2004/03/16 23:39:46 | 000,001,128 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/03/09 10:20:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/09 10:14:33 | 000,000,622 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/09 10:02:56 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/09 09:56:38 | 000,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/09 09:21:20 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/09/12 01:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1997/09/12 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/09/12 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 02:37:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/07/31 01:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/07/31 01:00:00 | 000,007,008 | ---- | C] () -- C:\WINDOWS\System32\SETUPLC.DLL
========== LOP Check ==========
[2005/03/14 20:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2006/09/07 22:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/09/10 21:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2005/10/06 20:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/10/31 23:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2008/12/05 10:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2005/10/22 21:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2004/07/09 06:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2004/07/09 05:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sybase Central 6.0.0
[2007/02/18 20:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/26 10:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Hopping\Application Data\Aim
[2006/08/17 22:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Hopping\Application Data\eFax Messenger
[2005/03/14 20:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Hopping\Application Data\HotSync
[2004/05/23 22:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Hopping\Application Data\Leadertech
[2005/11/09 10:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Hopping\Application Data\Musicmatch
[2010/09/02 16:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Hopping\Application Data\PrimoPDF
[2007/02/18 20:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Hopping\Application Data\Viewpoint
[2007/06/20 14:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Hopping\Application Data\Walgreens
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/03/02 22:37:26 | 002,647,024 | ---- | M] () -- C:\22bejeweled-setup.exe
[2005/10/06 19:05:55 | 000,403,980 | ---- | M] () -- C:\adorage-protocol.txt
[2006/04/10 09:33:18 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2006/04/10 09:33:18 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2007/05/14 18:14:32 | 000,022,856 | ---- | M] () -- C:\ASLog.txt
[2005/10/06 17:54:41 | 000,000,102 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/04/03 08:08:53 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.LTS
[2008/12/05 10:18:21 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2002/09/03 09:38:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2002/09/03 09:59:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/03/09 09:27:08 | 000,005,310 | RH-- | M] () -- C:\DELL.SDR
[2005/05/16 20:06:06 | 000,005,723 | -H-- | M] () -- C:\ffastun.ffa
[2005/05/16 20:06:04 | 001,359,872 | -H-- | M] () -- C:\ffastun.ffl
[2005/05/16 20:06:06 | 000,909,312 | -H-- | M] () -- C:\ffastun.ffo
[2005/05/16 20:06:04 | 003,334,144 | -H-- | M] () -- C:\ffastun0.ffx
[2005/05/16 23:06:49 | 001,359,872 | ---- | M] () -- C:\ffastunT.ffl
[2007/11/25 01:20:15 | 000,000,000 | -H-- | M] () -- C:\Found.009
[2004/05/04 11:53:40 | 001,645,320 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2004/07/29 11:24:29 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2002/09/03 09:59:58 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/08/15 21:43:14 | 000,039,380 | ---- | M] () -- C:\mombi.log
[2002/09/03 09:59:58 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/09/29 20:09:42 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/09 11:06:51 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/09/02 19:28:10 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2007/06/10 22:09:12 | 000,001,724 | ---- | M] () -- C:\RUU.log
[2010/02/14 21:12:38 | 000,001,091 | ---- | M] () -- C:\sti.log
[2004/03/09 10:08:22 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2000/06/08 17:00:00 | 000,019,083 | ---- | M] () -- C:\WINNT
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
[2006/02/19 04:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
< %systemroot%\Fonts\*.ini >
[2002/09/03 09:59:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2003/10/16 00:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPD5u.DLL
[2003/10/16 00:00:00 | 000,049,664 | ---- | M] (CANON INC.) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\CNMPP5u.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
[2006/04/10 15:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\hpzpp054.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2004/07/13 22:16:11 | 000,404,432 | ---- | M] (MacSourcery) -- C:\WINDOWS\Bc04001.scr
[2004/07/13 22:17:20 | 000,404,432 | ---- | M] (MacSourcery) -- C:\WINDOWS\Bc04002.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2007/11/24 17:43:52 | 000,001,602 | -H-- | M] () -- C:\Documents and Settings\Jerry Hopping\Application Data\Microsoft\LastFlashConfig.WFC
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2002/09/03 09:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2002/09/03 09:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2002/09/03 09:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/12/09 11:12:54 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI
[2010/02/14 20:05:28 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Free AOL & Unlimited Internet.url
< %systemroot%\system32\config\systemprofile\*.dat /x >
[2004/03/09 10:19:35 | 000,000,004 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Share
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
[2006/07/12 18:02:45 | 000,006,656 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\Thumbs.db
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/12/09 11:39:09 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Jerry Hopping\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2004/03/16 21:27:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2007/02/16 16:43:29 | 000,134,016 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Jerry Hopping\Desktop\ScanDiagnosticUtility_ver_1.5.exe
[2007/10/14 01:18:39 | 126,567,586 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Jerry Hopping\Desktop\StudioPatch10_8.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
[2004/07/13 20:57:09 | 001,979,604 | ---- | M] (MacSourcery) -- C:\Documents and Settings\Jerry Hopping\My Documents\BC04001.exe
[2004/07/13 21:11:06 | 004,563,507 | ---- | M] (MacSourcery) -- C:\Documents and Settings\Jerry Hopping\My Documents\BC04002.exe
[2006/03/02 22:37:26 | 002,647,024 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\My Documents\bejeweled-setup.exe
[1 C:\Documents and Settings\Jerry Hopping\My Documents\*.tmp files -> C:\Documents and Settings\Jerry Hopping\My Documents\*.tmp -> ]
< %USERPROFILE%\*.exe >
[2005/10/03 20:03:22 | 000,483,401 | ---- | M] (Citrix Online) -- C:\Documents and Settings\Jerry Hopping\314_gotomypc.exe
[2007/01/07 21:09:54 | 000,563,712 | ---- | M] (Citrix Online) -- C:\Documents and Settings\Jerry Hopping\gotomypc_370.exe
[2007/03/16 21:07:59 | 000,722,176 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Jerry Hopping\gotomypc_428.exe
[2009/02/01 17:55:48 | 000,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Jerry Hopping\gotomypc_437.exe
[2009/03/07 19:19:34 | 000,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Jerry Hopping\gotomypc_438.exe
< %systemroot%\ADDINS\*.* >
[2002/08/29 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf
[2004/03/16 23:47:55 | 000,000,627 | ---- | M] () -- C:\WINDOWS\ADDINS\OLMENU.ECF
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
[2006/01/07 11:59:05 | 000,000,066 | ---- | M] () -- C:\WINDOWS\Config\viatest2.blh
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2008/12/09 11:39:09 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Jerry Hopping\Favorites\Desktop.ini
[2004/03/16 23:49:38 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Favorites\My Documents.lnk
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/02 23:24:57 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Cookies\INDEX.DAT
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\INF\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %USERPROFILE%\Templates\*.* >
[2002/08/29 06:00:00 | 000,004,570 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Templates\AMIPRO.SAM
[2002/08/29 06:00:00 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Templates\EXCEL.XLS
[2002/08/29 06:00:00 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Templates\EXCEL4.XLS
[2002/08/29 06:00:00 | 000,002,448 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Templates\LOTUS.WK4
[2002/08/29 06:00:00 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Templates\POWERPNT.PPT
[2002/08/29 06:00:00 | 000,000,461 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Templates\PRESENTA.SHW
[2002/08/29 06:00:00 | 000,004,017 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Templates\QUATTRO.WB2
[2002/08/29 06:00:00 | 000,000,058 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Templates\SNDREC.WAV
[2002/08/29 06:00:00 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Templates\WINWORD.DOC
[2002/08/29 06:00:00 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Templates\WINWORD2.DOC
[2002/08/29 06:00:00 | 000,000,030 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Templates\WORDPFCT.WPD
[2002/08/29 06:00:00 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\Jerry Hopping\Templates\WORDPFCT.WPG
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-01 05:38:45
========== Alternate Data Streams ==========
@Alternate Data Stream - 922 bytes -> C:\Found.009:JrPfoWX5h6G8AitPsWdo1siC
@Alternate Data Stream - 870 bytes -> C:\Documents and Settings\All Users\Application Data\DRM:ujR0sz0WU07k7dnJw4T9
< End of report >
OTL Extras logfile created on: 9/2/2010 11:33:11 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\All Users\Documents\cleaning
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 7.02 Gb Free Space | 18.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: 600M
Current User Name: Jerry Hopping
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"2638:TCP" = 2638:TCP:*:Enabled:SQL Anywhere Database Connectivity
"2638:UDP" = 2638:UDP:*:Enabled:SQL Anywhere Database Connectivity
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Westwood\RA2\game.exe" = C:\Westwood\RA2\game.exe:*:Enabled:Main executable for Red Alert 2 -- (Westwood Studios)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a -- File not found
"C:\Westwood\RA2\mph.exe" = C:\Westwood\RA2\mph.exe:*:Disabled:mph -- ()
"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- File not found
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1163692629\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1163692629\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{08E2EC5A-9C9D-4472-AB52-4165774BB8D8}" = Studio 10.1 Patch
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E88F516-C8AA-4D17-9A54-8AB0768F34C1}" = Retrospect Express HD 1.0
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Studio
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4A862970-B6AE-11DF-6784-0060DD2418BE}" = PropertyBoss (PropertyBoss)
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4DBBA793-4668-48DE-BDA8-AC105FE460F1}" = Wireless
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD
"{6D924ED2-5B03-26E4-5A75-1DBD570D372E}" = SQL Anywhere 11
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.1.0.24
"{B3B4CD34-6C20-4b28-A231-FEC55B42C579}" = c6100_Help
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6AE8E1F-EC1B-11D4-A19D-00C04FA0FD08}" = Phone Link Updater
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8574AE5-370F-4246-A301-B85A2CC89A5E}" = C6100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CA9AC6A3-4A75-4879-9775-F7138B653A73}" = Windows Media Player Add-in for Microsoft FrontPage
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFA679D8-5216-4E10-B7D3-BA4033A6991E}" = i80 Setup Utility
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E4E00419-1BAE-494C-9008-D67BC5582EFB}" = Studio 10 Bonus DVD Rev 2 Patch
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF1482CF-D19B-44DD-B887-9698CB51DFD5}" = Studio 10.8 Patch
"ActiveTouchMeetingClient" = WebEx
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Broadcom 802.11b Network Adapter" = Dell TrueMobile 1400 Dual Band WLAN Mini-PCI Card
"CANONBJ_Deinstall_CNMCP5u.DLL" = Canon i80
"Creative PC-CAM Center" = Creative PC-CAM Center
"Creative PD1130" = Creative WebCam NX Pro Driver (1.00.06.0512)
"Creative WebCam Monitor" = Creative WebCam Monitor
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (766)
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Advanced Control Suite
"InterActual Player" = InterActual Player
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Project 8.0" = Microsoft Project 98
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Office8.0" = Microsoft Office 97, Professional Edition
"Photo Viewer" = Photo Viewer 2.4
"powerOne Personal v2.1.1 for Handhelds" = powerOne Personal v2.1.1 for Handhelds
"RealPlayer 6.0" = RealPlayer
"Red Alert 2" = Command & Conquer Red Alert 2
"VB Runtime" = VB Runtime
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visio Standard" = Visio Standard
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/2/2010 8:18:04 PM | Computer Name = 600M | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\All Users\Documents\TFC.exe (PID 1888) Time: Thursday,
September 02, 2010 7:18:04 PM
Error - 9/2/2010 8:18:04 PM | Computer Name = 600M | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\All Users\Documents\TFC.exe (PID 1888) Time: Thursday,
September 02, 2010 7:18:04 PM
Error - 9/2/2010 8:18:04 PM | Computer Name = 600M | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\All Users\Documents\TFC.exe (PID 1888) Time: Thursday,
September 02, 2010 7:18:04 PM
Error - 9/2/2010 8:18:04 PM | Computer Name = 600M | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\All Users\Documents\TFC.exe (PID 1888) Time: Thursday,
September 02, 2010 7:18:04 PM
Error - 9/2/2010 8:18:04 PM | Computer Name = 600M | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\All Users\Documents\TFC.exe (PID 1888) Time: Thursday,
September 02, 2010 7:18:04 PM
Error - 9/2/2010 8:18:04 PM | Computer Name = 600M | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\All Users\Documents\TFC.exe (PID 1888) Time: Thursday,
September 02, 2010 7:18:04 PM
Error - 9/2/2010 8:18:04 PM | Computer Name = 600M | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\Rtvscan.exe Event Info: Terminate Thread Action Taken: Blocked Actor Process:
C:\Documents and Settings\All Users\Documents\TFC.exe (PID 1888) Time: Thursday,
September 02, 2010 7:18:04 PM
Error - 9/2/2010 8:18:48 PM | Computer Name = 600M | Source = MsiInstaller | ID = 11706
Description = Product: DocumentViewer -- Error 1706. An installation package for
the product DocumentViewer cannot be found. Try the installation again using a
valid copy of the installation package 'DocumentViewer.msi'.
Error - 9/2/2010 8:39:52 PM | Computer Name = 600M | Source = MsiInstaller | ID = 11706
Description = Product: DocumentViewer -- Error 1706. An installation package for
the product DocumentViewer cannot be found. Try the installation again using a
valid copy of the installation package 'DocumentViewer.msi'.
Error - 9/2/2010 8:40:34 PM | Computer Name = 600M | Source = MsiInstaller | ID = 11706
Description = Product: DocumentViewer -- Error 1706. An installation package for
the product DocumentViewer cannot be found. Try the installation again using a
valid copy of the installation package 'DocumentViewer.msi'.
[ System Events ]
Error - 9/2/2010 1:31:12 PM | Computer Name = 600M | Source = Print | ID = 6161
Description = The document Test Page owned by Jerry Hopping failed to print on printer
Auto HP Photosmart C6100 series on JR-DESKTOP. Data type: NT EMF 1.008. Size of
the spool file in bytes: 81184. Number of bytes printed: 0. Total number of pages
in the document: 1. Number of pages printed: 0. Client machine: \\600M. Win32 error
code returned by the print processor: 53 (0x35).
Error - 9/2/2010 4:05:29 PM | Computer Name = 600M | Source = Service Control Manager | ID = 7000
Description = The AOL Connectivity Service service failed to start due to the following
error: %%2
Error - 9/2/2010 8:18:01 PM | Computer Name = 600M | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).
Error - 9/2/2010 8:18:01 PM | Computer Name = 600M | Source = Service Control Manager | ID = 7034
Description = The Retrospect Express HD Launcher service terminated unexpectedly.
It has done this 1 time(s).
Error - 9/2/2010 8:18:01 PM | Computer Name = 600M | Source = Service Control Manager | ID = 7034
Description = The Viewpoint Manager Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 9/2/2010 8:18:01 PM | Computer Name = 600M | Source = Service Control Manager | ID = 7034
Description = The WAN Miniport (ATW) Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 9/2/2010 8:28:44 PM | Computer Name = 600M | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.108 for the Network Card with network
address 00904B71C6FE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 9/2/2010 8:29:38 PM | Computer Name = 600M | Source = Service Control Manager | ID = 7000
Description = The AOL Connectivity Service service failed to start due to the following
error: %%2
Error - 9/3/2010 12:33:37 AM | Computer Name = 600M | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
Error - 9/3/2010 12:33:37 AM | Computer Name = 600M | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2
< End of report >
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-02 23:28:13
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\JERRYH~1\LOCALS~1\Temp\pxtdapoc.sys
---- System - GMER 1.0.15 ----
SSDT 8A49B0C0 ZwAlertResumeThread
SSDT 8A414BC8 ZwAlertThread
SSDT 8A40F358 ZwAllocateVirtualMemory
SSDT 8A25CE78 ZwConnectPort
SSDT 8A49A900 ZwCreateMutant
SSDT 8A347200 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB564C350]
SSDT 8A4D1358 ZwFreeVirtualMemory
SSDT 8A49A6F8 ZwImpersonateAnonymousToken
SSDT 8A27D9D0 ZwImpersonateThread
SSDT 8A3D9DE0 ZwMapViewOfSection
SSDT 8A411338 ZwOpenEvent
SSDT 8A289C80 ZwOpenProcessToken
SSDT 8A4A1A50 ZwOpenThreadToken
SSDT 8A32C008 ZwQueryValueKey
SSDT 8A2AF1A0 ZwResumeThread
SSDT 8A4A7100 ZwSetContextThread
SSDT 8A4CC1B0 ZwSetInformationProcess
SSDT 8A3FAE48 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB564C580]
SSDT 8A49A190 ZwSuspendProcess
SSDT 8A3B17D8 ZwSuspendThread
SSDT 8A479860 ZwTerminateProcess
SSDT 8A4BF860 ZwTerminateThread
SSDT 8A452688 ZwUnmapViewOfSection
SSDT 8A499508 ZwWriteVirtualMemory
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- EOF - GMER 1.0.15 ----