Hijacked by Get-answers-fast and/or kozanekosearchsystem



#16
RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Don't worry about ad-watch. Mistake on my part.

#17
wifeiskillinme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Ron, you may have missed my prior post. I put 2 out there in a row.

I can't find anything that would indicate that Ad-watch is running. I looked at the link in your post on how to disable it but I don't have it in my system tray and I can't find it anywhere on the computer.

I went ahead and uninstalled the other programs as directed.

Am I good to continue on? I'm assuming you saw something that led you to believe I have ad-watch.

I will wait to hear from you before moving forward with anything else.


Thanks

#18
RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Don't worry about ad-watch. Mistake on my part.

#19
wifeiskillinme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Here is the log from doing the RUN FIX in OTL, followed by the OTL logs from running it the second time. Doing the disk check now.
_______________________________________________________________________

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
File C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
c:\Program Files\BAE\BAE.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSKDetectorExe deleted successfully.
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\XoftSpySE not found.
File C:\Program Files\XoftSpySE6\XoftSpySE.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware not found.
File C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
File C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe not found.
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk scheduled to be moved on reboot.
File C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe not found.
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk scheduled to be moved on reboot.
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bwfile-8876480\ deleted successfully.
Invalid CLSID key: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
File C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ not found.
File C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
File C:\Program Files\SUPERAntiSpyware\SASSEH.DLL not found.
C:\Documents and Settings\terri\Local Settings\Application Data\4076ca4d\U folder moved successfully.
C:\Documents and Settings\terri\Local Settings\Application Data\4076ca4d folder moved successfully.
File C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk not found.
File C:\WINDOWS\tasks\ParetoLogic Update Version3.job not found.
File C:\WINDOWS\tasks\XoftSpySE.job not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\terri\My Documents\cmd.bat deleted successfully.
C:\Documents and Settings\terri\My Documents\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\terri\My Documents\cmd.bat deleted successfully.
C:\Documents and Settings\terri\My Documents\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\terri\My Documents\cmd.bat deleted successfully.
C:\Documents and Settings\terri\My Documents\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\terri\My Documents\cmd.bat deleted successfully.
C:\Documents and Settings\terri\My Documents\cmd.txt deleted successfully.
< sc config "Viewpoint Manager Service" start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\terri\My Documents\cmd.bat deleted successfully.
C:\Documents and Settings\terri\My Documents\cmd.txt deleted successfully.
< sc config AppMgmt start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\terri\My Documents\cmd.bat deleted successfully.
C:\Documents and Settings\terri\My Documents\cmd.txt deleted successfully.
< sc config !SASCORE start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\terri\My Documents\cmd.bat deleted successfully.
C:\Documents and Settings\terri\My Documents\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11302011_141252

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk not found!
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk not found!

Registry entries deleted on Reboot...

_______________________________________________________________________

Here are the 2 logs from OTL running it the second time:

OTL logfile created on: 11/30/2011 2:17:00 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\terri\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 79.50% Memory free
2.58 Gb Paging File | 2.31 Gb Available in Paging File | 89.62% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 65.25 Gb Free Space | 60.09% Space Free | Partition Type: NTFS
Drive D: | 37.11 Gb Total Space | 37.03 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 249.60 Mb Total Space | 58.42 Mb Free Space | 23.41% Space Free | Partition Type: FAT

Computer Name: TERRIPC | User Name: terri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/30 08:22:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\terri\My Documents\OTL (1).exe
PRC - [2011/11/29 11:39:11 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/11/29 11:39:10 | 000,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
PRC - [2011/11/29 11:39:09 | 001,249,792 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/03/05 20:04:06 | 001,156,384 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2008/08/14 16:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 16:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 16:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/01/25 13:32:56 | 000,689,416 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe
PRC - [2008/01/25 13:32:48 | 000,191,240 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LULnchr.exe
PRC - [2006/06/05 20:00:04 | 000,554,496 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/06/05 20:00:04 | 000,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2006/06/05 19:48:38 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/10/05 02:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 18:20:46 | 000,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2005/09/08 18:20:46 | 000,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2005/09/08 18:20:46 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2005/09/08 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/11/11 21:00:04 | 000,864,256 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/04/14 07:08:17 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2010/04/14 07:06:36 | 000,676,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
MOD - [2010/04/14 07:06:30 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2010/04/14 07:01:48 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2010/04/14 06:54:24 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2010/04/14 06:54:02 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2008/08/14 16:22:36 | 000,112,912 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2008/08/14 16:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/08/14 16:13:30 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2008/08/14 16:13:08 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
MOD - [2008/08/14 16:13:08 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
MOD - [2008/08/14 16:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2008/08/14 16:11:48 | 000,345,872 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
MOD - [2006/06/05 20:00:04 | 000,554,496 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
MOD - [2006/06/05 20:00:04 | 000,524,288 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
MOD - [2006/06/05 20:00:04 | 000,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
MOD - [2006/06/05 20:00:04 | 000,140,800 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDeskbar2.dll
MOD - [2006/06/05 20:00:04 | 000,137,728 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll
MOD - [2005/10/05 02:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2005/09/01 06:51:14 | 000,122,880 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmgit.dll
MOD - [2003/09/23 00:00:00 | 000,106,496 | ---- | M] () -- C:\Program Files\Dell\ShareDLL\djbsdk.dll
MOD - [2003/04/08 10:13:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\PRTSERV.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (!SASCORE)
SRV - [2011/11/29 11:39:11 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/11/29 11:39:10 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/11/29 11:39:09 | 001,249,792 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)


========== Driver Services (SafeList) ==========

DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/07/26 10:26:56 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 10:26:44 | 004,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/07/26 10:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 10:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/05 19:48:41 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/25 17:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/11/16 20:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\terri\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\terri\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/28 14:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/28 14:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\terri\Application Data\Mozilla\Extensions
[2011/11/28 14:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\terri\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\terri\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\terri\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\terri\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/30 14:13:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qbp.webex.co.../ra/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCE04F9A-1783-4C43-B5F4-44249CCF1B34}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\terri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\terri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/30 14:12:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/30 11:50:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/30 11:37:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/30 08:23:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\terri\My Documents\OTL (1).exe
[2011/11/29 17:00:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/29 13:58:11 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbt.sys
[2011/11/29 13:51:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/29 13:46:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/29 13:46:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/29 13:46:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/29 13:46:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/29 13:46:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/29 13:45:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/29 13:41:49 | 004,321,290 | R--- | C] (Swearware) -- C:\Documents and Settings\terri\My Documents\ComboFix.exe
[2011/11/29 13:41:37 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\terri\My Documents\tdsskiller.exe
[2011/11/29 13:38:56 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\terri\My Documents\aswMBR.exe
[2011/11/29 08:31:16 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/11/29 08:31:16 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/11/29 08:29:30 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/11/29 08:17:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\terri\My Documents\OTL.exe
[2011/11/29 07:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/11/28 19:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/28 18:26:49 | 004,135,632 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\terri\My Documents\XoftSpySE_Setup_RW.exe
[2011/11/28 14:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/28 14:37:58 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/28 14:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/28 14:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terri\Local Settings\Application Data\Mozilla
[2011/11/28 14:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/11/28 14:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/11/27 15:42:34 | 000,000,000 | ---D | C] -- C:\QB 2011
[2011/11/20 12:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/11/20 12:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/20 12:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/20 12:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/11/20 12:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/08 16:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terri\Application Data\ScanSoft
[2011/11/08 16:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\terri\My Documents\My PaperPort Documents
[2008/04/22 20:47:10 | 001,723,432 | ---- | C] (Yugma,Inc. ) -- C:\Documents and Settings\All Users\Application Data\Yugma-Uninstaller.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/30 14:14:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/30 14:14:37 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/30 14:14:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/11/30 14:14:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/11/30 14:13:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/30 14:06:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1944172404-2730849703-1090397954-1006UA.job
[2011/11/30 08:22:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\terri\My Documents\OTL (1).exe
[2011/11/29 17:34:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\terri\My Documents\MBR.dat
[2011/11/29 13:51:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/29 13:45:23 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\terri\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/29 13:45:18 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\terri\Desktop\Shortcut to tdsskiller.exe.lnk
[2011/11/29 13:45:02 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\terri\Desktop\Shortcut to aswMBR.exe.lnk
[2011/11/29 13:39:20 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\terri\My Documents\tdsskiller.exe
[2011/11/29 13:38:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\terri\My Documents\aswMBR.exe
[2011/11/29 13:36:56 | 004,321,290 | R--- | M] (Swearware) -- C:\Documents and Settings\terri\My Documents\ComboFix.exe
[2011/11/29 11:53:25 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\terri\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/11/29 07:19:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/28 21:34:56 | 000,000,626 | ---- | M] () -- C:\WINDOWS\hpstatusx.ini
[2011/11/28 20:46:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\terri\My Documents\OTL.exe
[2011/11/28 19:06:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1944172404-2730849703-1090397954-1006Core.job
[2011/11/28 18:24:34 | 004,135,632 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\terri\My Documents\XoftSpySE_Setup_RW.exe
[2011/11/28 14:38:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/28 14:34:41 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\terri\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/28 14:34:41 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/28 14:16:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/11/27 19:38:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/20 16:07:43 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\terri\Desktop\Google Chrome.lnk
[2011/11/20 16:07:43 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\terri\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/20 12:40:43 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/20 12:20:58 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\terri\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/11/14 15:39:50 | 000,688,097 | ---- | M] () -- C:\Documents and Settings\terri\My Documents\ken disessa cancel service contract.pdf
[2011/11/13 12:25:18 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\terri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/11 16:35:49 | 000,021,508 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2011/11/11 15:44:36 | 010,158,317 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Wood Duck Collage.jpg
[2011/11/08 16:23:50 | 000,516,995 | ---- | M] () -- C:\Documents and Settings\terri\My Documents\Tuesday, November 08, 2011.pdf
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/30 08:20:15 | 2137,149,440 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/29 17:34:35 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\terri\My Documents\MBR.dat
[2011/11/29 13:51:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/29 13:51:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/29 13:46:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/29 13:46:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/29 13:46:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/29 13:46:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/29 13:46:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/29 13:45:23 | 000,000,544 | ---- | C] () -- C:\Documents and Settings\terri\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/29 13:45:18 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\terri\Desktop\Shortcut to tdsskiller.exe.lnk
[2011/11/29 13:45:02 | 000,000,532 | ---- | C] () -- C:\Documents and Settings\terri\Desktop\Shortcut to aswMBR.exe.lnk
[2011/11/28 14:38:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/28 14:34:41 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\terri\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/28 14:34:41 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/28 14:34:41 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/20 12:40:43 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/20 12:20:58 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\terri\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/11/14 15:39:50 | 000,688,097 | ---- | C] () -- C:\Documents and Settings\terri\My Documents\ken disessa cancel service contract.pdf
[2011/11/11 15:44:35 | 010,158,317 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Wood Duck Collage.jpg
[2011/11/08 16:23:45 | 000,516,995 | ---- | C] () -- C:\Documents and Settings\terri\My Documents\Tuesday, November 08, 2011.pdf
[2010/12/05 13:16:48 | 000,022,797 | ---- | C] () -- C:\Documents and Settings\terri\Application Data\Microsoft Excel.ADR
[2010/12/05 13:14:07 | 000,022,084 | ---- | C] () -- C:\Documents and Settings\terri\Application Data\Tab Separated Values (Windows).ADR
[2010/12/05 13:12:26 | 000,022,807 | ---- | C] () -- C:\Documents and Settings\terri\Application Data\Tab Separated Values (DOS).ADR
[2010/08/22 20:35:02 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/11 20:48:41 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\terri\Application Data\dvd.bmk
[2010/08/10 11:45:35 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/04/14 06:54:15 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/04/14 06:51:54 | 000,002,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/10/18 20:01:32 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\terri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 11:53:07 | 000,053,068 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/10 18:45:50 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Install.ini
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/10/23 17:22:30 | 000,001,216 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/01/28 13:57:11 | 000,000,059 | ---- | C] () -- C:\WINDOWS\sview.ini
[2006/12/10 21:05:46 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/10/10 20:41:44 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/10/10 20:41:44 | 000,000,050 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/09/18 13:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 13:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/08/07 21:04:21 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/07 21:04:21 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\2FCC179395.sys
[2006/07/04 19:02:20 | 000,050,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\atntwink.sys
[2006/06/22 20:59:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/13 19:37:25 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PRTSERV.dll
[2006/06/10 21:56:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/10 14:52:51 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/06/10 14:52:50 | 000,001,337 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/06/10 14:52:50 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/06/10 14:52:50 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7420.dat
[2006/06/10 14:52:50 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/06/10 14:52:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2006/06/10 14:52:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2006/06/10 14:50:42 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/06/10 14:40:44 | 000,000,626 | ---- | C] () -- C:\WINDOWS\hpstatusx.ini
[2006/06/10 14:38:14 | 000,013,364 | ---- | C] () -- C:\WINDOWS\hplj1500.ini
[2006/06/10 14:37:45 | 000,000,372 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2006/06/10 14:37:44 | 000,000,280 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2006/06/10 14:17:45 | 000,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/06/10 10:03:35 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\terri\Local Settings\Application Data\fusioncache.dat
[2006/06/05 20:05:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/05 19:59:33 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/05 19:55:39 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/06/05 19:53:59 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/06/05 19:47:51 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/06/05 19:26:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/06/05 19:26:14 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,258,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/06/05 06:36:05 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\HPBVNSTP.dll
[2003/06/05 06:36:05 | 000,000,209 | ---- | C] () -- C:\WINDOWS\System32\HPBVNSTP.dat
[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/03/22 04:24:22 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\psctsnmp.dll
[1999/01/04 12:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 01:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Documents\Wood Duck Collage.jpg:AFP_AfpInfo

< End of report >
_______________________________________________________________________________

OTL Extras logfile created on: 11/30/2011 2:17:00 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\terri\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 79.50% Memory free
2.58 Gb Paging File | 2.31 Gb Available in Paging File | 89.62% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 65.25 Gb Free Space | 60.09% Space Free | Partition Type: NTFS
Drive D: | 37.11 Gb Total Space | 37.03 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 249.60 Mb Total Space | 58.42 Mb Free Space | 23.41% Space Free | Partition Type: FAT

Computer Name: TERRIPC | User Name: terri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"443:TCP" = 443:TCP:*:Enabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Enabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Enabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Enabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Enabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
"C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe:*:Enabled:QuickBooks 2011 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\terri\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\terri\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe" = C:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe:*:Enabled:Logitech Updater -- (Logitech, Inc.)
"C:\Program Files\Common Files\Java\Java Update\jaucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jaucheck.exe:*:Enabled:Java™ Update Client Checker
"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Enabled:Java™ Update Checker
"C:\Program Files\MUSICMATCH\Common\ComponentMgr\MMComponentMgr.exe" = C:\Program Files\MUSICMATCH\Common\ComponentMgr\MMComponentMgr.exe:*:Enabled:Musicmatch Component Manager -- (Musicmatch, Inc.)
"C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe" = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe:*:Enabled:QuickBooks Automatic Update -- (Intuit Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A423-40A5-BD20-04BF618CA0F9}" = QuickBooks Premier: Accountant Edition 2010
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0B325F20-59AD-4D6B-976B-C12E5CD675C7}" = Install Notes
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11E0AC7D-6823-4F67-865F-EE1C13D28C38}" = QuickBooks Premier: Accountant Edition 2011
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1265A07C-5B80-4D8C-A076-FD7E2AFE4435}" = HP LaserJet Fonts
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{14374624-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Premier Edition 2005
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{2b02f822-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Pro Edition 2004
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{55584E16-4D70-44EE-93DD-F144E8B7D4B7}" = QuickBooks Product Listing Service
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DB7F50E-0649-4347-B003-8CEFBFB9D9D1}" = hp color LaserJet 1500
"{69B02159-7624-4DBB-B9EE-F933039830AD}" = QuickBooks Premier Edition 2006
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{9068A4FE-BBD5-48BF-96C7-3EA967C71D43}" = User Guide
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"ActiveTouchMeetingClient" = WebEx
"Google Desktop" = Google Desktop
"HP Color LaserJet CP3505" = HP Color LaserJet CP3505
"InfraRecorder" = InfraRecorder
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mirage Driver_is1" = Mirage Driver 1.1
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"Print Server Driver" = Print Server Driver
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/29/2011 9:19:42 AM | Computer Name = TERRIPC | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/29/2011 9:20:23 AM | Computer Name = TERRIPC | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/29/2011 9:23:15 AM | Computer Name = TERRIPC | Source = Application Hang | ID = 1002
Description = Hanging application OTL.scr, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/29/2011 9:23:36 AM | Computer Name = TERRIPC | Source = Application Hang | ID = 1002
Description = Hanging application OTL.com, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/29/2011 10:03:23 AM | Computer Name = TERRIPC | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Professional. The Windows
installer cannot continue.

Error - 11/29/2011 12:56:43 PM | Computer Name = TERRIPC | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 11/29/2011 1:09:44 PM | Computer Name = TERRIPC | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Professional. The Windows
installer cannot continue.

Error - 11/29/2011 1:22:49 PM | Computer Name = TERRIPC | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/29/2011 1:59:41 PM | Computer Name = TERRIPC | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Professional. The Windows
installer cannot continue.

Error - 11/30/2011 3:14:47 PM | Computer Name = TERRIPC | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 11/30/2011 12:57:43 PM | Computer Name = TERRIPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/30/2011 12:57:43 PM | Computer Name = TERRIPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/30/2011 12:57:43 PM | Computer Name = TERRIPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/30/2011 12:57:43 PM | Computer Name = TERRIPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/30/2011 12:57:43 PM | Computer Name = TERRIPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/30/2011 12:57:43 PM | Computer Name = TERRIPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/30/2011 3:10:28 PM | Computer Name = TERRIPC | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following
error: %%2

Error - 11/30/2011 3:10:28 PM | Computer Name = TERRIPC | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 11/30/2011 3:12:54 PM | Computer Name = TERRIPC | Source = Service Control Manager | ID = 7034
Description = The QBCFMonitorService service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/30/2011 3:12:55 PM | Computer Name = TERRIPC | Source = Service Control Manager | ID = 7034
Description = The QBIDPService service terminated unexpectedly. It has done this
1 time(s).


< End of report >

#20
wifeiskillinme

Ron, here is the rest of the stuff you requested in the following order
event viewer log system
event viewer log application
Speccy log
process explorer log

Thanks

______________
_________________________
_________________________________________
___________________________________________________


Vino's Event Viewer v01c run on Windows XP in English
Report run at 30/11/2011 4:17:53 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
________________
_________________________________________
_________________________________________________
________________________________________________________________


Vino's Event Viewer v01c run on Windows XP in English
Report run at 30/11/2011 4:20:11 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/11/2011 3:31:36 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 30/11/2011 3:31:36 PM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 30/11/2011 2:25:14 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user TERRIPC\terri registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

____________________________
__________________________________________
____________________________________________________
__________________________________________________________________

Summary
Operating System
MS Windows XP Home 32-bit SP2
CPU
Intel Pentium 4 521
Prescott 90nm Technology
RAM
2.00 GB Dual-Channel DDR2 @ 266MHz (4-4-4-12)
Motherboard
Dell Inc. 0JC474 (Microprocessor)
Graphics
DELL IN1910N ([email protected])
Intel® 82915G/GV/910GL Express Chipset Family
Mirage Driver
Hard Drives
156GB SAMSUNG SAMSUNG HD160JJ/P (SATA) 42 °C
Optical Drives
TSSTcorp CDRWDVD TS-H492C
Audio
SigmaTel High Definition Audio CODEC
Operating System
MS Windows XP Home 32-bit SP2
Installation Date: 08 June 2006, 21:57
Serial Number:
Windows Security Center
Firewall Disabled
Antivirus Disabled
Windows Update
AutoUpdate Disabled
Environment Variables
USERPROFILE C:\Documents and Settings\terri
SystemRoot C:\WINDOWS
User Variables
TEMP C:\Documents and Settings\terri\Local Settings\Temp
TMP C:\Documents and Settings\terri\Local Settings\Temp
Machine Variables
ComSpec C:\WINDOWS\system32\cmd.exe
Path C:\WINDOWS\system32
C:\WINDOWS
C:\WINDOWS\system32\wbem
C:\Program Files\Common Files\Roxio Shared\DLLShared
C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime
C:\Program Files\QuickTime\QTSystem
windir C:\WINDOWS
FP_NO_HOST_CHECK NO
OS Windows_NT
PROCESSOR_ARCHITECTURE x86
PROCESSOR_LEVEL 15
PROCESSOR_IDENTIFIER x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_REVISION 0409
NUMBER_OF_PROCESSORS 2
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP C:\WINDOWS\TEMP
TMP C:\WINDOWS\TEMP
SonicCentral C:\Program Files\Common Files\Sonic Shared\Sonic Central\
ASLOGDIR C:\Program Files\Intuit\QuickBooks 2006\
asl.log Destination=file;OnFirstLog=command,environment
CLASSPATH .;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
QTJAVA C:\Program Files\Java\jre6\lib\ext\QTJava.zip
Battery
AC line Online
Battery full time Unknown
Battery Charge % Unknown
Battery State No Battery
Amount of time remaining (sec) Unknown
Power Profile
Active power scheme Home/Office Desk
Hibernation Enabled
Power Shutdown Enabled
Power Suspend Enabled
Turn Off Monitor after: (On AC Power) Never
Turn Off Monitor after: (On Battery Power) 5 min
Turn Off Hard Disk after: (On AC Power) 60 min
Turn Off Hard Disk after: (On Battery Power) 10 min
Suspend after: (On AC Power) 300 min
Suspend after: (On Battery Power) 5 min
Screen saver Enabled
Uptime
Current Session
Current Time 11/30/2011 4:24:20 PM
Current Uptime 3262 sec (0 d, 00 h, 54 m, 22 s)
Last Boot Time 11/30/2011 3:29:58 PM
TimeZone
TimeZone GMT -5 Hours
Language English
Country United States
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Scheduler
GoogleUpdateTaskMachineUA 11/30/2011 4:27 PM;Every 1 hour(s) from 4:27 PM for 24 hour(s) every day, starting 11/30/2011
GoogleUpdateTaskMachineCore 11/30/2011 4:27 PM;Run at user logon
GoogleUpdateTaskUserS-1-5-21-1944172404-2730849703-1090397954-1006UA 11/30/2011 5:06 PM;Every 1 hour(s) from 7:06 PM for 24 hour(s) every day, starting 10/19/2011
GoogleUpdateTaskUserS-1-5-21-1944172404-2730849703-1090397954-1006Core 11/30/2011 7:06 PM;At 7:06 PM every day, starting 10/19/2011
AppleSoftwareUpdate 12/6/2011 7:19 AM;At 7:19 AM every Tue of every week, starting 8/8/2011
Process List
alg.exe
Process ID 3152
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\System32\alg.exe
Memory Usage 3.24 MB
Peak Memory Usage 3.25 MB
brctrcen.exe
Process ID 420
User terri
Domain TERRIPC
Path C:\Program Files\Brother\ControlCenter2\brctrcen.exe
Memory Usage 6.56 MB
Peak Memory Usage 6.64 MB
cocimanager.exe
Process ID 1596
User terri
Domain TERRIPC
Path C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
Memory Usage 4.53 MB
Peak Memory Usage 4.99 MB
communications_helper.exe
Process ID 920
User terri
Domain TERRIPC
Path C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
Memory Usage 5.00 MB
Peak Memory Usage 5.46 MB
csrss.exe
Process ID 616
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\csrss.exe
Memory Usage 3.81 MB
Peak Memory Usage 3.84 MB
dlactrlw.exe
Process ID 220
User terri
Domain TERRIPC
Path C:\WINDOWS\System32\DLA\DLACTRLW.EXE
Memory Usage 3.28 MB
Peak Memory Usage 3.28 MB
dmxlauncher.exe
Process ID 1864
User terri
Domain TERRIPC
Path C:\Program Files\Dell\Media Experience\DMXLauncher.exe
Memory Usage 2.29 MB
Peak Memory Usage 2.29 MB
explorer.exe
Process ID 1700
User terri
Domain TERRIPC
Path C:\WINDOWS\Explorer.EXE
Memory Usage 28 MB
Peak Memory Usage 29 MB
googledesktop.exe
Process ID 232
User terri
Domain TERRIPC
Path C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
Memory Usage 648 KB
Peak Memory Usage 2.52 MB
googledesktopdisplay.exe
Process ID 544
User terri
Domain TERRIPC
Path C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
Memory Usage 3.18 MB
Peak Memory Usage 3.18 MB
googledesktopindex.exe
Process ID 484
User terri
Domain TERRIPC
Path C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
Memory Usage 2.00 MB
Peak Memory Usage 2.00 MB
googleupdate.exe
Process ID 1752
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Google\Update\GoogleUpdate.exe
Memory Usage 3.59 MB
Peak Memory Usage 3.59 MB
hkcmd.exe
Process ID 1848
User terri
Domain TERRIPC
Path C:\WINDOWS\system32\hkcmd.exe
Memory Usage 2.43 MB
Peak Memory Usage 2.44 MB
igfxpers.exe
Process ID 1856
User terri
Domain TERRIPC
Path C:\WINDOWS\system32\igfxpers.exe
Memory Usage 2.41 MB
Peak Memory Usage 2.41 MB
issch.exe
Process ID 196
User terri
Domain TERRIPC
Path C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Memory Usage 904 KB
Peak Memory Usage 1.01 MB
logitechupdate.exe
Process ID 3232
User terri
Domain TERRIPC
Path c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
Memory Usage 5.84 MB
Peak Memory Usage 5.84 MB
lsass.exe
Process ID 696
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\lsass.exe
Memory Usage 2.27 MB
Peak Memory Usage 5.57 MB
lulnchr.exe
Process ID 3248
User terri
Domain TERRIPC
Path c:\program files\logitech\quickcam\lu\lulnchr.exe
Memory Usage 3.25 MB
Peak Memory Usage 3.25 MB
mim.exe
Process ID 584
User terri
Domain TERRIPC
Path C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
Memory Usage 1.71 MB
Peak Memory Usage 22 MB
mm_tray.exe
Process ID 132
User terri
Domain TERRIPC
Path C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
Memory Usage 3.97 MB
Peak Memory Usage 3.97 MB
mmdiag.exe
Process ID 472
User terri
Domain TERRIPC
Path C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
Memory Usage 272 KB
Peak Memory Usage 3.24 MB
msiexec.exe
Process ID 2768
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\msiexec.exe
Memory Usage 7.81 MB
Peak Memory Usage 8.18 MB
pptd40nt.exe
Process ID 272
User terri
Domain TERRIPC
Path C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
Memory Usage 2.19 MB
Peak Memory Usage 2.19 MB
qbcfmonitorservice.exe
Process ID 120
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
Memory Usage 8.33 MB
Peak Memory Usage 8.37 MB
qbidpservice.exe
Process ID 1312
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
Memory Usage 8.70 MB
Peak Memory Usage 8.72 MB
qbupdate.exe
Process ID 1260
User terri
Domain TERRIPC
Path C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
Memory Usage 14 MB
Peak Memory Usage 14 MB
quickcam.exe
Process ID 892
User terri
Domain TERRIPC
Path C:\Program Files\Logitech\QuickCam\Quickcam.exe
Memory Usage 7.35 MB
Peak Memory Usage 7.80 MB
realplay.exe
Process ID 1920
User terri
Domain TERRIPC
Path C:\Program Files\Real\RealPlayer\RealPlay.exe
Memory Usage 9.59 MB
Peak Memory Usage 10 MB
services.exe
Process ID 684
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\services.exe
Memory Usage 4.26 MB
Peak Memory Usage 4.45 MB
smss.exe
Process ID 552
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 388 KB
Peak Memory Usage 480 KB
speccy.exe
Process ID 3212
User terri
Domain TERRIPC
Path C:\Program Files\Speccy\Speccy.exe
Memory Usage 14 MB
Peak Memory Usage 14 MB
spoolsv.exe
Process ID 1512
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\spoolsv.exe
Memory Usage 5.73 MB
Peak Memory Usage 5.80 MB
svchost.exe
Process ID 884
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 5.81 MB
Peak Memory Usage 5.86 MB
svchost.exe
Process ID 2004
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 2.65 MB
Peak Memory Usage 2.65 MB
svchost.exe
Process ID 1320
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.59 MB
Peak Memory Usage 4.59 MB
svchost.exe
Process ID 1688
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.63 MB
Peak Memory Usage 4.68 MB
svchost.exe
Process ID 1180
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 3.00 MB
Peak Memory Usage 3.04 MB
svchost.exe
Process ID 1092
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 27 MB
Peak Memory Usage 27 MB
svchost.exe
Process ID 992
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 5.19 MB
Peak Memory Usage 5.19 MB
system
Process ID 4
Memory Usage 236 KB
Peak Memory Usage 4.69 MB
system idle process
Process ID 0
wdfmgr.exe
Process ID 1768
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wdfmgr.exe
Memory Usage 1.61 MB
Peak Memory Usage 1.63 MB
winlogon.exe
Process ID 640
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\winlogon.exe
Memory Usage 1.06 MB
Peak Memory Usage 12 MB
wmiprvse.exe
Process ID 3708
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wbem\wmiprvse.exe
Memory Usage 6.34 MB
Peak Memory Usage 6.34 MB
wscntfy.exe
Process ID 3208
User terri
Domain TERRIPC
Path C:\WINDOWS\system32\wscntfy.exe
Memory Usage 1.83 MB
Peak Memory Usage 1.83 MB
Hotfixes
System Folders
Path for burning CD C:\Documents and Settings\terri\Local Settings\Application Data\Microsoft\CD Burning
Application Data C:\Documents and Settings\All Users\Application Data
Public Desktop C:\Documents and Settings\All Users\Desktop
Documents C:\Documents and Settings\All Users\Documents
Global Favorites C:\Documents and Settings\All Users\Favorites
Music C:\Documents and Settings\All Users\Documents\My Music
Pictures C:\Documents and Settings\All Users\Documents\My Pictures
Start Menu Programs C:\Documents and Settings\All Users\Start Menu\Programs
Start Menu C:\Documents and Settings\All Users\Start Menu
Startup C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Templates C:\Documents and Settings\All Users\Templates
Videos C:\Documents and Settings\All Users\Documents\My Videos
Cookies C:\Documents and Settings\terri\Cookies
Desktop C:\Documents and Settings\terri\Desktop
Physical Desktop C:\Documents and Settings\terri\Desktop
User Favorites C:\Documents and Settings\terri\Favorites
Fonts C:\WINDOWS\Fonts
Internet History C:\Documents and Settings\terri\Local Settings\History
Temporary Internet Files C:\Documents and Settings\terri\Local Settings\Temporary Internet Files
Local Application Data C:\Documents and Settings\terri\Local Settings\Application Data
Windows directory C:\WINDOWS
Windows/System C:\WINDOWS\system32
Program Files C:\Program Files
Device Tree
ACPI Multiprocessor PC
Microsoft ACPI-Compliant System
ACPI Power Button
Intel® Pentium® 4 CPU 2.80GHz
Intel® Pentium® 4 CPU 2.80GHz
System board
Motherboard resources
ACPI Fixed Feature Button
PCI bus
Intel® 915G/P/GV/GL/PL/910GE/GL Processor to I/O Controller - 2580
Intel® 82801FB/FBM PCI Express Root Port - 2660
Intel® 82801FB/FBM PCI Express Root Port - 2662
Intel® 82801FB/FBM SMBus Controller - 266A
Intel® 82915G/GV/910GL Express Chipset Family
Plug and Play Monitor
Plug and Play Monitor
Microsoft UAA Bus Driver for High Definition Audio
SigmaTel High Definition Audio CODEC
Intel® 82801FB/FBM USB Universal Host Controller - 2658
USB Root Hub
USB Composite Device
USB Human Interface Device
HID-compliant mouse
USB Human Interface Device
HID-compliant consumer control device
HID-compliant device
HID-compliant device
Intel® 82801FB/FBM USB Universal Host Controller - 2659
USB Root Hub
USB Human Interface Device
HID Keyboard Device
Intel® 82801FB/FBM USB Universal Host Controller - 265A
USB Root Hub
USB Composite Device
Brother MFC-7420 USB
Brother MFC-7420 USB Remote Setup Port (COM4)
USB Printing Support
Brother MFC-7420 USB Printer
Intel® 82801FB/FBM USB Universal Host Controller - 265B
USB Root Hub
Intel® 82801FB/FBM USB2 Enhanced Host Controller - 265C
USB Root Hub
Logitech USB Camera (QuickCam S5500)
Logitech QuickCam S5500
Logitech Mic (QuickCam S5500)
USB Mass Storage Device
Disk drive
Generic volume
Intel® 82801 PCI Bridge - 244E
Intel® PRO/100 VE Network Connection
Intel® 82801FB LPC Interface Controller - 2640
ISAPNP Read Data Port
System board
Direct memory access controller
Numeric data processor
Programmable interrupt controller
System speaker
System CMOS/real time clock
System timer
Standard floppy disk controller
Floppy disk drive
Intel® 82801FB/FBM Ultra ATA Storage Controllers - 266F
Primary IDE Channel
TSSTcorp CDRWDVD TS-H492C
Intel® 82801FB Ultra ATA Storage Controllers - 2652
Secondary IDE Channel
Primary IDE Channel
SAMSUNG HD160JJ/P
Services
Running Application Layer Gateway Service
Running Automatic Updates
Running Background Intelligent Transfer Service
Running COM+ Event System
Running Computer Browser
Running CryptSvc
Running DCOM Server Process Launcher
Running DHCP Client
Running Distributed Link Tracking Client
Running DNS Client
Running Error Reporting Service
Running Event Log
Running Fast User Switching Compatibility
Running Google Update Service (gupdate)
Running Help and Support
Running HID Input Service
Running IPSEC Services
Running Network Connections
Running Network Location Awareness (NLA)
Running Plug and Play
Running Pml Driver HPZ12
Running Print Spooler
Running Protected Storage
Running QBCFMonitorService
Running QBIDPService
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running Secondary Logon
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery Service
Running System Event Notification
Running System Restore Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Terminal Services
Running Themes
Running WebClient
Running Windows Audio
Running Windows Firewall/Internet Connection Sharing (ICS)
Running Windows Image Acquisition (WIA)
Running Windows Installer
Running Windows Management Instrumentation
Running Windows Time
Running Windows User Mode Driver Framework
Running Wireless Zero Configuration
Running Workstation
Stopped .NET Runtime Optimization Service v2.0.50727_X86


  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Start, Run, services.msc, OK then find Microsoft Fax or Fax service in the right pane and right click on it and select Properties then change the Startup Type to Disabled. Apply. Close the services window.

Download UPHClean. To download and install UPHClean, visit the following Microsoft Web site:
http://www.microsoft...70-42470E2F3582
You will be prompted to validate your copy of Windows.
As soon as you have downloaded the UPHClean installer (UPHClean-Setup.msi), double-click the installer to begin the installation.
In the User Profile Hive Cleanup Service installation wizard, click Next.
In the License Agreement page, read the license agreement, select I Agree, and then click Next.
In the Select Installation Folder page, click Next.
In the Confirm Installation page, click Next.
When UPHClean is installed, click Close.

Note: UPHClean runs as a service in Windows and will start automatically every time that Windows starts.
To confirm that UPHClean is installed and running, click Start, and then click Run.
In the Open box, type the following text, and then click OK:

services.msc
In Services, in the Name column, locate User Profile Hive Cleanup. In the Status column, confirm that the User Profile Hive Cleanup service is Started.

That should clear up the last of the errors and make it boot faster.

You need to update to XP SP3. Running SP2 you will get a lot more of these infections.

If this is an AMD CPU then you need to get KB953356:
http://www.microsoft...ang=en&id=23751
and install it first.


You should be offered the SP3 update from MS Updates but if not you can get it from:

http://technet.micro...indows/bb794714

That's all I see so time to clean up:


We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox: for some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles.

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#22
wifeiskillinme

wifeiskillinme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Ron,

I'm having trouble running this command

"%userprofile%\Desktop\combofix.exe" /Uninstall

If I understand what I am supposed to do, I'm running this command from the DOS prompt, correct?

I get an error "Not recognized as an internal or external command"

Does it matter what directory DOS is at when it runs? I'm at C:\documents and settings\terri

Everything else worked like a charm!!!!!!!!
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
It doesn't work because you ran Combofix from My Documents instead of the Desktop. Try:

"c:\documents and settings\terri\My Documents\ComboFix.exe" /Uninstall
  • 0

#24
wifeiskillinme

wifeiskillinme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Ron, you're right. I actually ran all the things you asked from My Documents. Funny thing is, Combofix is gone from there. Found a shortcut that pointed to it in My Documents but the EXE is gone. Did a search on the entire drive and no EXE to be found? Hmmmmmm

Is there anything else to do at this point?

If not, let me take the time to tell you how great you were. Although I didn't understand one thing you did, you not only got rid of the problem but the computer is running much better. I feel very fortunate there are people like you who are willing to help the average user. Can't thank you enough!
  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Probably OTL got it during its cleanup routine. Didn't realize it would find it when it wasn't on the desktop but it's a clever little program.

You're done then.
  • 0



#26
wifeiskillinme

wifeiskillinme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thanks again. Best of luck to you!!!!! You were great to work with!!!
  • 0





