open cloud av



#1
jp17315

I have a computer that is infected with the Open Cloud AV malware. I followed the instructions listed here, but when I start the quick scan in MBAM the program just closes. I have tried downloading and running Microsoft Security Essentials and it won't download properly. Please help. Thanks.


#2
jp17315

Sorry, forgot to post my logs. I ran ComboFix and OTL. I now cannot get on the internet from this computer.

ComboFix 11-10-06.03 - Owner 10/06/2011 11:29:15.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.352 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\katherine\WINDOWS
c:\documents and settings\meg\WINDOWS
c:\documents and settings\Owner\Application Data\A0v2b3GsJOpen Cloud AV.ico
c:\documents and settings\Owner\Application Data\cP2DGaHd8Open Cloud AV.ico
c:\documents and settings\Owner\Application Data\EDoGaHs7R9TqUOpen Cloud AV.ico
c:\documents and settings\Owner\Application Data\ERZqhYXwkVlBx0cOpen Cloud AV.ico
c:\documents and settings\Owner\Application Data\gnnnG4aaQHsOpen Cloud AV.ico
c:\documents and settings\Owner\Application Data\KD2obF4pm5Q7E8ROpen Cloud AV.ico
c:\documents and settings\Owner\Application Data\kzP0ycS1iDoGaHsOpen Cloud AV.ico
c:\documents and settings\Owner\Application Data\OyyyxA11uv2ob4mOpen Cloud AV.ico
c:\documents and settings\Owner\Application Data\TvoFaHsJ7E8TqYwOpen Cloud AV.ico
c:\documents and settings\Owner\Application Data\V8gRZ9hYXkVlBx0Open Cloud AV.ico
c:\documents and settings\Owner\Application Data\VoGa6WfLqOpen Cloud AV.ico
c:\documents and settings\Owner\Application Data\WuSoFpGsJdKgZhXOpen Cloud AV.ico
c:\documents and settings\Owner\Application Data\XvS2obF3pGsJdKgOpen Cloud AV.ico
c:\documents and settings\Owner\Application Data\YelOBtxP0cOpen Cloud AV.ico
c:\documents and settings\Owner\Application Data\zbFG5QJdE8R9YwUOpen Cloud AV.ico
c:\documents and settings\Owner\WINDOWS
c:\documents and settings\supervisor\WINDOWS
c:\windows\$NtUninstallKB41753$\1800091565\@
c:\windows\$NtUninstallKB41753$\1800091565\bckfg.tmp
c:\windows\$NtUninstallKB41753$\1800091565\cfg.ini
c:\windows\$NtUninstallKB41753$\1800091565\Desktop.ini
c:\windows\$NtUninstallKB41753$\1800091565\keywords
c:\windows\$NtUninstallKB41753$\1800091565\kwrd.dll
c:\windows\$NtUninstallKB41753$\1800091565\L\ameacouo
c:\windows\$NtUninstallKB41753$\1800091565\lsflt7.ver
c:\windows\$NtUninstallKB41753$\1800091565\U\00000001.@
c:\windows\$NtUninstallKB41753$\1800091565\U\00000002.@
c:\windows\$NtUninstallKB41753$\1800091565\U\80000000.@
c:\windows\$NtUninstallKB41753$\1800091565\U\80000032.@
c:\windows\$NtUninstallKB41753$\808839429
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\$NtUninstallKB41753$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_6b4b37ad
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 )))))))))))))))))))))))))))))))
.
.
2011-10-06 15:58 . 2011-10-06 15:58 -------- d-----w- c:\documents and settings\Owner\Application Data\XvS2obF3pGsJdKg
2011-10-06 15:58 . 2011-10-06 15:58 -------- d-----w- c:\documents and settings\Owner\Application Data\hYCekIVrzNx0
2011-10-06 15:36 . 2011-10-06 15:36 -------- d-----w- c:\documents and settings\Owner\Application Data\KD2obF4pm5Q7E8R
2011-10-06 15:36 . 2011-10-06 15:36 -------- d-----w- c:\documents and settings\Owner\Application Data\EkIBrzPyx1
2011-10-06 15:24 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-06 15:19 . 2011-10-06 15:19 -------- d-----w- c:\documents and settings\Owner\Application Data\oc1v3n4m6W7LgZ
2011-10-06 15:19 . 2011-10-06 15:19 -------- d-----w- c:\documents and settings\Owner\Application Data\A0v2b3GsJ
2011-10-05 20:51 . 2011-10-05 20:51 -------- d-----w- c:\documents and settings\Owner\Application Data\vsJdKgZhXkVlBPy
2011-10-05 20:51 . 2011-10-05 20:51 -------- d-----w- c:\documents and settings\Owner\Application Data\EDoGaHs7R9TqU
2011-10-05 20:44 . 2011-10-05 20:44 -------- d-----w- c:\program files\Trend Micro
2011-10-05 20:34 . 2002-01-01 05:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-05 20:24 . 2011-10-05 20:24 -------- d-----w- c:\documents and settings\Owner\Application Data\TvoFaHsJ7E8TqYw
2011-10-05 20:24 . 2011-10-05 20:24 -------- d-----w- c:\documents and settings\Owner\Application Data\E8fRL9hTXjClBzN
2011-10-05 20:15 . 2011-10-06 15:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-05 20:13 . 2011-10-05 20:13 -------- d-----w- c:\documents and settings\Owner\Application Data\IobF4pmG5Q7E
2011-10-05 20:13 . 2011-10-05 20:13 -------- d-----w- c:\documents and settings\Owner\Application Data\ERZqhYXwkVlBx0c
2011-10-05 20:03 . 2011-10-05 20:03 -------- d-----w- c:\documents and settings\Owner\Application Data\kzP0ycS1iDoGaHs
2011-10-05 20:03 . 2011-10-05 20:03 -------- d-----w- c:\documents and settings\Owner\Application Data\YJ6dEK8fR9YwUeO
2011-10-05 18:53 . 2011-10-05 18:53 -------- d-----w- c:\documents and settings\Owner\Application Data\WuSoFpGsJdKgZhX
2011-10-05 18:53 . 2011-10-05 18:53 -------- d-----w- c:\documents and settings\Owner\Application Data\HoFaHsJE9TqYeIr
2011-10-05 13:23 . 2011-10-05 13:23 -------- d-----w- c:\documents and settings\Owner\Application Data\VoGa6WfLq
2011-10-05 13:23 . 2011-10-05 13:23 -------- d-----w- c:\documents and settings\Owner\Application Data\T9YwUeOtP
2011-10-05 12:50 . 2011-10-05 12:50 -------- d-----w- c:\documents and settings\Owner\Application Data\zbFG5QJdE8R9YwU
2011-10-05 12:50 . 2011-10-05 12:50 -------- d-----w- c:\documents and settings\Owner\Application Data\fbFpG5sQJdKgZhX
2011-10-04 20:52 . 2011-10-04 20:52 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-10-04 20:37 . 2011-10-04 20:37 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-10-04 20:25 . 2011-10-04 20:25 -------- d-----w- c:\documents and settings\Owner\Application Data\V8gRZ9hYXkVlBx0
2011-10-04 20:25 . 2011-10-04 20:25 -------- d-----w- c:\documents and settings\Owner\Application Data\QA0uvS2ob3m5Q6E
2011-10-04 20:18 . 2011-10-04 20:18 -------- d-----w- c:\documents and settings\Owner\Application Data\YelOBtxP0c
2011-10-04 20:18 . 2011-10-04 20:18 -------- d-----w- c:\documents and settings\Owner\Application Data\HsQJ6dEK8R9YwU
2011-10-04 20:13 . 2011-10-04 20:13 -------- d-----w- c:\documents and settings\Owner\Application Data\VssQJJ6RZkVexiD
2011-10-04 20:13 . 2011-10-04 20:13 -------- d-----w- c:\documents and settings\Owner\Application Data\gnnnG4aaQHs
2011-10-04 20:12 . 2011-10-04 20:12 2410496 ------w- c:\windows\system32\XllOONtxP0u3Gaj.exe
2011-10-04 20:12 . 2011-10-04 20:12 -------- d-----w- c:\documents and settings\Owner\Application Data\H11uuvDmH58YwkV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-01 15:30 . 2009-11-09 21:56 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-09-26 13:26 . 2011-08-27 14:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 13:16 . 2011-10-03 13:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-07-16 106549]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-07-05 212992]
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [2002-02-21 143360]
"CPQEASYACC"="c:\program files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-15 32768]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"WwUeOtySDo4Q8234A"="c:\windows\system32\XllOONtxP0u3Gaj.exe" [2011-10-04 2410496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 01:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1187716252\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-05-24 17:46 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
2002-06-21 00:06 339968 ----a-w- c:\windows\system32\hphmon04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ifffEL8gTI2bFaQ8234A]
2011-10-04 20:12 2410496 ------w- c:\windows\system32\XllOONtxP0u3Gaj.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-06-21 21:48 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-01-14 21:53 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
2001-07-25 04:34 36864 ----a-w- c:\cpqs\scom\srmclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2002-05-09 15:01 155648 ----a-w- c:\program files\VERITAS Software\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 10:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2002-08-02 05:10 146432 ----a-w- c:\program files\Common Files\Real\Update_OB\evntsvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-w- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Compaq_RBA"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
.
R2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [8/2/2002 12:12 a. m. 64512]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/27/2011 9:21 a. m. 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/27/2011 9:21 a. m. 136176]
S3 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\msCMTSrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-27 14:21]
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-27 14:21]
.
2002-11-13 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2002-11-13 12:00]
.
2002-11-13 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2002-11-13 12:00]
.
2002-11-13 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2002-11-13 12:00]
.
2011-10-06 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-02 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mSearch Bar = hxxp://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?p=%s
IE: RemindU. - file://c:\program files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm
TCP: Interfaces\{800B941B-1605-49D1-A59E-567F4C06CBA9}: NameServer = 192.168.0.2,4.2.2.3
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-DDCActiveMenu - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
MSConfigStartUp-DDCM - c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe
MSConfigStartUp-HPHUPD04 - c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-Windows32KernelStart - c:\documents and settings\Owner\Application Data\wks.exe
AddRemove-PFW95Files - c:\pfw\PFWEXEC
AddRemove-unupro11050 - c:\program files\Upromise_Remind_U\UpromiseRemindU.exe
AddRemove-Works2002Setup - c:\program files\Microsoft Works and Money 2002\Setup\Launcher.exe \hp\tmp\src\
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-06 11:41
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2700)
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\wanmpsvc.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Compaq\Easy Access Button Support\CPQEADM.EXE
c:\compaq\EAKDRV\EAUSBKBD.EXE
c:\progra~1\Compaq\EASYAC~1\BttnServ.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2011-10-06 11:49:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-06 16:49
.
Pre-Run: 43,235,946,496 bytes free
Post-Run: 43,198,451,712 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F661DE55ACD9682C230A33A40C4C76D2

#3
jp17315

Here is the OTL log:

OTL logfile created on: 10/6/2011 11:51:08 a. m. - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.52 Mb Total Physical Memory | 314.22 Mb Available Physical Memory | 61.55% Memory free
1.22 Gb Paging File | 1.10 Gb Available in Paging File | 90.11% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.93 Gb Total Space | 40.26 Gb Free Space | 71.98% Space Free | Partition Type: NTFS

Computer Name: YOUR-PA86Z1I3G7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/06 10:33:01 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2007/09/10 15:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/04/25 14:28:34 | 000,954,368 | ---- | M] () -- C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
PRC - [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2003/08/12 12:50:40 | 001,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2002/06/17 20:14:38 | 000,090,112 | ---- | M] (Compaq) -- C:\Compaq\EAKDRV\EAUSBKBD.exe
PRC - [2002/05/10 12:50:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2002/04/14 06:29:58 | 000,438,272 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\compaq\Easy Access Button Support\CPQEADM.exe
PRC - [2001/12/15 00:01:24 | 000,032,768 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\compaq\Easy Access Button Support\STARTEAK.exe
PRC - [2001/08/10 01:46:44 | 000,064,512 | -H-- | M] (America Online, Inc.) -- C:\WINDOWS\system32\PackethSvc.exe
PRC - [2001/03/23 21:34:10 | 000,122,880 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\compaq\Easy Access Button Support\BttnServ.exe


========== Modules (No Company Name) ==========

MOD - [2007/04/25 14:28:34 | 000,954,368 | ---- | M] () -- C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll
MOD - [1998/12/21 03:35:36 | 000,024,576 | ---- | M] () -- C:\Program Files\compaq\Easy Access Button Support\BttnSeps.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (msCMTSrvc)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2003/08/12 12:50:40 | 001,376,360 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2002/05/24 12:46:14 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)
SRV - [2002/05/17 02:30:12 | 000,262,144 | ---- | M] (NeoPlanet) [Disabled | Stopped] -- C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -- (Compaq_RBA)
SRV - [2002/05/10 12:50:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2001/08/10 01:46:44 | 000,064,512 | -H-- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PackethSvc.exe -- (PackethSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2008/10/16 20:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2004/08/04 07:00:00 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 13:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/07/13 06:27:04 | 000,155,008 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2002/06/22 04:29:30 | 000,656,172 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
DRV - [2002/05/24 12:46:14 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2002/05/24 12:46:14 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2002/05/24 12:46:14 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2001/08/10 03:26:02 | 000,022,608 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv)
DRV - [2001/08/08 15:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 15:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 15:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 15:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 15:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 15:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 15:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 15:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 15:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 15:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [1999/10/30 00:35:08 | 000,024,348 | ---- | M] (Compaq Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EAWDMFD.SYS -- (EAWDMFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/.../search/ie.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 08:16:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/01 10:29:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Owner\Application Data\Move Networks [2009/09/24 08:05:47 | 000,000,000 | ---D | M]

[2008/12/17 09:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/09/27 08:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\extensions
[2011/09/27 08:08:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a7r646om.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/26 08:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/10 07:15:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/03 08:16:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/03 08:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java™ Platform SE 6 U13 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/06 11:40:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (Reg Error: Value error.) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CPQEASYACC] C:\Program Files\compaq\Easy Access Button Support\STARTEAK.exe (Compaq Computer Corporation)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [WCOLOREAL] C:\Program Files\COMPAQ\Coloreal\coloreal.exe ()
O4 - HKLM..\Run: [WwUeOtySDo4Q8234A] C:\WINDOWS\system32\XllOONtxP0u3Gaj.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: RemindU. - C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm ()
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.av.a...83/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Ad.pewtarex.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{800B941B-1605-49D1-A59E-567F4C06CBA9}: NameServer = 192.168.0.2,4.2.2.3
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/01 21:46:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/06 11:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\nD2onF4am5W7E8T
[2011/10/06 11:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ctzPNycA1
[2011/10/06 11:08:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/06 11:05:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/06 11:05:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/06 11:05:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/06 11:05:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/06 11:05:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/06 11:05:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2011/10/06 11:05:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/10/06 11:03:52 | 004,245,600 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/10/06 10:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\XvS2obF3pGsJdKg
[2011/10/06 10:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\hYCekIVrzNx0
[2011/10/06 10:36:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\KD2obF4pm5Q7E8R
[2011/10/06 10:36:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\EkIBrzPyx1
[2011/10/06 10:32:58 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/06 10:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/06 10:24:07 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/06 10:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\oc1v3n4m6W7LgZ
[2011/10/06 10:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\A0v2b3GsJ
[2011/10/05 15:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vsJdKgZhXkVlBPy
[2011/10/05 15:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\EDoGaHs7R9TqU
[2011/10/05 15:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/05 15:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/05 15:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TvoFaHsJ7E8TqYw
[2011/10/05 15:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\E8fRL9hTXjClBzN
[2011/10/05 15:19:33 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\iexplore.exe
[2011/10/05 15:15:05 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/05 15:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IobF4pmG5Q7E
[2011/10/05 15:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ERZqhYXwkVlBx0c
[2011/10/05 15:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\kzP0ycS1iDoGaHs
[2011/10/05 15:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\YJ6dEK8fR9YwUeO
[2011/10/05 13:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WuSoFpGsJdKgZhX
[2011/10/05 13:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HoFaHsJE9TqYeIr
[2011/10/05 08:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\VoGa6WfLq
[2011/10/05 08:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\T9YwUeOtP
[2011/10/05 07:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\zbFG5QJdE8R9YwU
[2011/10/05 07:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\fbFpG5sQJdKgZhX
[2011/10/04 15:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/04 15:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/04 15:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/10/04 15:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\V8gRZ9hYXkVlBx0
[2011/10/04 15:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QA0uvS2ob3m5Q6E
[2011/10/04 15:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\YelOBtxP0c
[2011/10/04 15:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HsQJ6dEK8R9YwU
[2011/10/04 15:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Open Cloud AV
[2011/10/04 15:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\VssQJJ6RZkVexiD
[2011/10/04 15:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\gnnnG4aaQHs
[2011/10/04 15:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\H11uuvDmH58YwkV

========== Files - Modified Within 30 Days ==========

[2011/10/06 11:51:11 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2011/10/06 11:41:57 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Open Cloud AV.lnk
[2011/10/06 11:41:04 | 000,000,191 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/10/06 11:40:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/06 11:40:43 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/10/06 11:40:38 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/06 11:40:33 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/06 11:40:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/06 11:40:25 | 535,392,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/06 11:08:15 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/06 11:04:16 | 004,245,600 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/10/06 10:43:05 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/06 10:37:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/06 10:33:01 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/10/06 10:32:48 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2011/10/05 15:54:54 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2011/10/05 15:47:04 | 000,501,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/10/05 15:10:12 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\iexplore.exe
[2011/10/05 15:06:58 | 000,002,229 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/05 13:55:03 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2011/10/05 08:30:55 | 000,001,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/10/04 15:13:18 | 000,001,213 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\ldr.ini
[2011/10/04 15:12:08 | 002,410,496 | ---- | M] () -- C:\WINDOWS\System32\XllOONtxP0u3Gaj.exe
[2011/10/04 08:09:36 | 000,000,491 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/10/01 10:30:32 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/09/26 08:22:22 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/26 08:22:22 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/20 10:03:32 | 073,496,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe

========== Files Created - No Company Name ==========

[2011/10/06 11:51:11 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2011/10/06 11:08:15 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2011/10/06 11:08:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/06 11:05:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/06 11:05:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/06 11:05:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/06 11:05:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/06 11:05:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/06 10:35:03 | 535,392,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/06 10:32:42 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2011/10/05 15:54:54 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2011/10/05 15:46:57 | 000,501,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/10/05 15:06:58 | 000,002,229 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/10/04 15:13:20 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Open Cloud AV.lnk
[2011/10/04 15:13:15 | 000,001,213 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ldr.ini
[2011/10/04 15:12:08 | 002,410,496 | ---- | C] () -- C:\WINDOWS\System32\XllOONtxP0u3Gaj.exe
[2011/09/26 08:22:22 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2009/10/14 08:58:09 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/02/11 14:06:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2008/08/06 06:35:56 | 000,061,504 | ---- | C] () -- C:\WINDOWS\System32\licensemanager.exe
[2008/08/06 06:35:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\U25STORE.DLL
[2008/08/06 06:35:56 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\U25TOTAL.DLL
[2008/08/06 06:35:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\smtls32.dll
[2008/08/06 06:35:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\U2LBAR.DLL
[2008/08/06 06:35:50 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\Ltfil60n.dll
[2008/08/06 06:35:44 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\Lfbmp60n.dll
[2008/08/06 06:35:44 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\Lfwmf60n.dll
[2008/08/06 06:35:43 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\Lffax60n.dll
[2008/08/06 06:35:43 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\Lfcmp60n.dll
[2008/08/06 06:35:43 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng60n.dll
[2008/08/06 06:35:43 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\Lftif60n.dll
[2008/08/06 06:35:43 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\Lfpcx60n.dll
[2008/08/06 06:35:43 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\Lfpct60n.dll
[2008/08/06 06:35:43 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\Lfeps60n.dll
[2008/08/06 06:35:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\Lfpsd60n.dll
[2008/08/06 06:35:43 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Lftga60n.dll
[2008/08/06 06:35:43 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\Lfwpg60n.dll
[2008/08/06 06:35:43 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\Lfmsp60n.dll
[2008/08/06 06:35:43 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Lfmac60n.dll
[2008/08/06 06:35:42 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\Regsvr16.exe
[2008/08/06 06:33:02 | 000,000,184 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2007/07/26 12:01:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2006/04/13 11:37:31 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2006/04/13 11:37:31 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2006/04/13 11:37:31 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2005/11/08 12:11:11 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2005/08/02 08:55:14 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/21 14:37:05 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/11/18 10:11:24 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/11/18 10:11:23 | 000,000,051 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys
[2004/08/04 07:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/01/14 16:55:09 | 000,000,723 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2003/08/28 08:00:21 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/07/10 12:07:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2003/02/22 11:03:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2003/02/07 09:59:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2003/01/16 15:54:09 | 000,010,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\PACKET.SYS
[2003/01/15 15:49:35 | 000,000,491 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/15 15:49:24 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2002/11/27 17:11:41 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2002/11/26 21:34:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2002/11/13 16:20:31 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/08/02 03:11:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/08/02 00:19:00 | 000,000,470 | ---- | C] () -- C:\WINDOWS\ikey.ini
[2002/08/02 00:16:30 | 000,009,310 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2002/08/01 23:59:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/08/01 23:59:14 | 000,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/08/01 23:59:13 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2002/08/01 23:10:54 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2002/08/01 22:50:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\ALSndMgr.ini
[2002/08/01 22:41:52 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2002/08/01 22:41:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2002/08/01 22:41:23 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/08/01 21:52:20 | 000,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/08/01 21:50:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/08/01 21:43:39 | 000,022,736 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/01 21:41:46 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/08/01 21:33:03 | 000,000,557 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/08/01 21:32:23 | 000,404,170 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/01 21:32:23 | 000,064,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/01 14:37:30 | 000,004,331 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/08/01 14:36:30 | 000,145,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/06/20 19:09:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/06/01 00:59:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/05/24 12:46:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2002/05/24 12:44:48 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2002/05/22 21:44:14 | 000,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
[2002/05/22 21:04:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2001/09/05 07:25:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\LoadDll.dll
[2001/09/01 00:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/08 15:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2000/10/25 13:15:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll

========== LOP Check ==========

[2002/08/02 04:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America Online
[2009/02/13 14:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/10/05 16:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/01/14 16:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/10/06 10:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\A0v2b3GsJ
[2010/02/24 08:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2007/01/05 07:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoreFTP
[2002/01/01 00:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cP2DGaHd8
[2011/10/06 11:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ctzPNycA1
[2011/10/05 15:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\E8fRL9hTXjClBzN
[2011/10/05 15:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EDoGaHs7R9TqU
[2011/10/06 10:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EkIBrzPyx1
[2011/10/05 15:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERZqhYXwkVlBx0c
[2011/10/05 07:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\fbFpG5sQJdKgZhX
[2011/10/04 15:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gnnnG4aaQHs
[2011/10/04 15:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\H11uuvDmH58YwkV
[2011/10/05 13:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HoFaHsJE9TqYeIr
[2011/10/04 15:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HsQJ6dEK8R9YwU
[2011/10/06 10:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\hYCekIVrzNx0
[2002/08/02 04:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2005/07/30 07:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2011/10/05 15:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IobF4pmG5Q7E
[2011/10/06 10:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KD2obF4pm5Q7E8R
[2011/10/05 15:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\kzP0ycS1iDoGaHs
[2007/09/18 14:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2002/01/01 00:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mVzNx0v2b3m5Q6E
[2011/10/06 11:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\nD2onF4am5W7E8T
[2011/10/06 10:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\oc1v3n4m6W7LgZ
[2009/02/10 08:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2002/01/01 00:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OyyyxA11uv2ob4m
[2002/01/01 00:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pQJJ7EKK8RZq
[2002/01/01 00:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PXXXqjjYCekBrO
[2011/10/04 15:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QA0uvS2ob3m5Q6E
[2011/10/05 08:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\T9YwUeOtP
[2002/12/05 14:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2011/10/05 15:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TvoFaHsJ7E8TqYw
[2011/10/04 15:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\V8gRZ9hYXkVlBx0
[2004/01/12 11:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2007/06/19 15:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2011/10/05 08:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VoGa6WfLq
[2011/10/05 15:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\vsJdKgZhXkVlBPy
[2011/10/04 15:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VssQJJ6RZkVexiD
[2011/10/05 13:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WuSoFpGsJdKgZhX
[2011/10/06 10:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\XvS2obF3pGsJdKg
[2011/10/04 15:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YelOBtxP0c
[2011/10/05 15:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YJ6dEK8fR9YwUeO
[2011/10/05 07:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\zbFG5QJdE8R9YwU
[2002/11/13 17:35:04 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2002/11/13 17:35:05 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2002/11/13 17:35:06 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 10/6/2011 11:51:08 a. m. - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.52 Mb Total Physical Memory | 314.22 Mb Available Physical Memory | 61.55% Memory free
1.22 Gb Paging File | 1.10 Gb Available in Paging File | 90.11% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.93 Gb Total Space | 40.26 Gb Free Space | 71.98% Space Free | Partition Type: NTFS

Computer Name: YOUR-PA86Z1I3G7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Actinic Catalog v3\Catalog.exe" = C:\Program Files\Actinic Catalog v3\Catalog.exe:*:Enabled:Catalog - Internet Sales Application -- (Actinic Software)
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX -- (Macromedia, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = RecordNow Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = DLA
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7699B723-9718-41DE-8C18-549F341C02CE}" = Crystal Reports for PFW
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{93539D60-1817-11D1-9504-00805F26A89C}" = Easy Access Button Support
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec USB/Ethernet Home DSL Modem
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.8
"{BDE90251-93EB-4F6A-89D8-086E2D91DC56}" = Coloreal
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}" = Compaq Advisor
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{E8010B32-BB8F-4600-9FB7-FDF16A69F1D8}" = hppusgP1500
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"Actinic Catalog v3" = Actinic Catalog 3
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"America Online us" = America Online (Choose which version to remove)
"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
"CCleaner" = CCleaner
"CompuServe us" = CompuServe 2000
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HP LaserJet P1500 series" = HP LaserJet P1500 series
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"JRE 1.3.1" = Java 2 Runtime Environment Standard Edition v1.3.1
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Pervasive.SQL 2000 Client" = Pervasive.SQL 2000i Client v7.94
"Platinum for Windows by Best" = Platinum for Windows by Best
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"Quicken 2002 New User Edition" = Quicken 2002 New User Edition
"Quicken Financial Center" = Quicken Financial Center
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealOne Player
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SpywareGuard_is1" = SpywareGuard v2.2
"StreetPlugin" = Learn2 Player (Uninstall Only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2011 12:26:49 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = ESENT | ID = 494
Description = wuauclt (1780) Database recovery failed with error -1216 because it
encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb',
which is no longer present. The database was not brought to a consistent state
before it was removed (or possibly moved or renamed). The database engine will not
permit recovery to complete for this instance until the missing database is re-instated.
If the database is truly no longer available and no longer required, please contact
PSS for further instructions regarding the steps required in order to allow recovery
to proceed without this database.

Error - 10/6/2011 12:26:49 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = ESENT | ID = 454
Description = wuauclt (1780) Database recovery/restore failed with unexpected error
-1216.

Error - 10/6/2011 12:26:50 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = ESENT | ID = 494
Description = wuauclt (904) Database recovery failed with error -1216 because it
encountered references to a database, 'C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb',
which is no longer present. The database was not brought to a consistent state
before it was removed (or possibly moved or renamed). The database engine will not
permit recovery to complete for this instance until the missing database is re-instated.
If the database is truly no longer available and no longer required, please contact
PSS for further instructions regarding the steps required in order to allow recovery
to proceed without this database.

Error - 10/6/2011 12:26:50 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = ESENT | ID = 454
Description = wuauclt (904) Database recovery/restore failed with unexpected error
-1216.

Error - 10/6/2011 12:27:43 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/6/2011 12:28:23 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 10/6/2011 12:29:43 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 10/6/2011 12:40:35 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 10/6/2011 12:41:18 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 10/6/2011 12:42:40 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 10/6/2011 12:42:32 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 10/6/2011 12:42:32 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 10/6/2011 12:42:44 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 10/6/2011 12:42:44 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 10/6/2011 12:43:14 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 10/6/2011 12:43:14 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 10/6/2011 12:43:44 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 10/6/2011 12:51:08 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/6/2011 12:51:08 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 10/6/2011 12:51:08 p. m. | Computer Name = YOUR-PA86Z1I3G7 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\HP\Dfawep\bin\MFC80U.DLL.
Reference
error message: The operation completed successfully. .


< End of report >


Thanks for all your help!!