Mysterious tabs in Firefox automatically opening up



#1
redleader74

A new issue started happening with my machine this morning. While looking at the Yahoo home page on Firefox, a tab suddenly opened up with an article from a site called "News 7" re: a woman making $$$$ from working online. I realized that this was actually just an advertisement masking itself as a news article. I ran a scan using MSE (found no threats) and also ran CCleaner to get rid of any cookies and temp files. But then it happened again, this time the tab was to some random product on Amazon. So I'm not sure if this is a virus or not. The other side effect of these mysterious happenings is that the computer is running slower, including web surfing. Please help!

Thanks!!


#2
redleader74

...OH, now I'm also getting redirect issues in Firefox...that might narrow down the issue.

Also, I've taken the initiative of running OTL as advised in the Malware and Spyware Cleaning Guide. Here is the log:

OTL logfile created on: 1/19/2012 1:27:52 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kwong\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 4.02 Mb Available Physical Memory | 0.39% Memory free
2.40 Gb Paging File | 0.98 Gb Available in Paging File | 40.93% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.84 Gb Total Space | 101.97 Gb Free Space | 69.92% Space Free | Partition Type: NTFS
Drive H: | 14.92 Gb Total Space | 5.18 Gb Free Space | 34.72% Space Free | Partition Type: FAT32

Computer Name: KWONGSCOMPUTER | User Name: Kwong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 12:44:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kwong\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/08/24 12:15:03 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/20 15:48:19 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2008/10/13 11:47:36 | 000,253,952 | ---- | M] (Magic Control Technology Corporation) -- C:\WINDOWS\system32\trutil5001.exe
PRC - [2008/07/08 16:51:16 | 000,315,392 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\system32\mctudll.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/10/19 09:31:02 | 000,102,400 | ---- | M] (SHARP CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\IN0XRCV.exe
PRC - [2006/08/28 21:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2005/04/25 05:50:08 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/04/25 05:49:52 | 000,086,142 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/03 07:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/07 09:43:22 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/12/31 10:24:20 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2009/06/20 15:48:19 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2007/11/30 18:51:24 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\UDLL.dll
MOD - [2007/07/12 21:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/05/10 23:50:00 | 000,017,024 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/06/20 15:48:19 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2009/03/04 10:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/25 05:49:52 | 000,086,142 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (MpKsle260258b)
DRV - [2012/01/19 10:41:42 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2ED38B41-984E-4B13-AF66-01A382872D16}\MpKsl5aafc80b.sys -- (MpKsl5aafc80b)
DRV - [2009/02/09 06:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 06:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 06:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 06:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/09/30 13:28:52 | 000,062,080 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\trgusb.sys -- (trgusb)
DRV - [2008/09/30 12:50:56 | 000,020,224 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TrgMrGrp.sys -- (TrgMrGrp)
DRV - [2008/09/30 12:50:20 | 000,019,712 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TrgExGrp.sys -- (TrgExGrp)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 10:40:46 | 000,062,976 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/15 20:15:38 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/03/31 16:22:16 | 000,180,096 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/30 02:03:06 | 001,035,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/02 12:12:14 | 000,019,456 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2002/11/08 16:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.17.4: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=5.2.5.48: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/10/08 08:20:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/05 13:03:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/09 17:13:09 | 000,000,000 | ---D | M]

[2009/10/28 08:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Extensions
[2011/08/16 11:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Firefox\Profiles\03a9wkls.default\extensions
[2011/08/16 10:48:54 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Firefox\Profiles\03a9wkls.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/01/20 14:33:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Firefox\Profiles\03a9wkls.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/15 08:46:41 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Firefox\Profiles\03a9wkls.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/08/24 12:11:27 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Mozilla\Firefox\Profiles\03a9wkls.default\searchplugins\google-search.xml
[2011/09/02 15:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/01 17:48:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2009/05/04 08:20:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/08/24 12:11:27 | 000,002,197 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-search.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IN0XRCV] C:\WINDOWS\system32\spool\drivers\w32x86\3\IN0XRCV.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [mctudll] C:\WINDOWS\system32\mctudll.exe (TODO: <Company name>)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [trutil5001] C:\WINDOWS\system32\trutil5001.exe (Magic Control Technology Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Kwong\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_25.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: lorexddns.net ([cpcoakland] https in Trusted sites)
O15 - HKCU\..Trusted Domains: msbexpress.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: safeco.com ([safesite] https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([agenthq] https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://eagent.farme...ctiveX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {9A74E90C-0233-4E1F-8EA1-105991C6FA12} http://108.200.50.71/webviewer.cab (RemoteDvr Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://tcupload.appl...oad/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} http://www.networkso...rueSwitchEC.exe (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BA77461-CDBF-4F6A-85D4-361CB8EF390B}: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\flowto {C7101FB0-28FB-11D5-883A-204C4F4F5021} - C:\Program Files\NetExchange Pro3.0\FlowHook.dll ()
O18 - Protocol\Handler\schmap-help - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 14:15:00 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 12:44:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kwong\Desktop\OTL.exe
[2012/01/19 12:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/19 10:23:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kwong\Recent
[2012/01/19 10:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/18 17:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/18 17:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/12 10:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/01/04 09:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kwong\Start Menu\Programs\Mead & Company

========== Files - Modified Within 30 Days ==========

[2012/01/19 13:37:37 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/19 12:46:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/19 12:44:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kwong\Desktop\OTL.exe
[2012/01/19 10:45:58 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/19 10:41:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/19 10:41:07 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/19 10:40:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/19 10:28:48 | 000,379,192 | ---- | M] () -- C:\Documents and Settings\Kwong\Desktop\cc_20120119_102757.reg
[2012/01/19 10:21:12 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/19 09:51:33 | 000,060,304 | ---- | M] () -- C:\Documents and Settings\Kwong\g2mdlhlpx.exe
[2012/01/17 13:53:10 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/01/13 09:19:25 | 000,184,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/12 17:34:54 | 000,000,603 | ---- | M] () -- C:\WINDOWS\mapping.ini
[2012/01/11 17:48:53 | 000,442,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/11 17:48:53 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/09 13:42:43 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\Kwong\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel (2)(2).lnk
[2012/01/06 15:38:10 | 000,000,031 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\IpAndPort.fig
[2012/01/06 15:38:09 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\RmUserCfg.ini
[2012/01/05 17:24:06 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Kwong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/23 09:13:13 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/22 09:22:11 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/22 09:22:11 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat

========== Files Created - No Company Name ==========

[2012/01/19 10:28:07 | 000,379,192 | ---- | C] () -- C:\Documents and Settings\Kwong\Desktop\cc_20120119_102757.reg
[2012/01/19 10:21:12 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/02 16:29:13 | 000,000,031 | ---- | C] () -- C:\WINDOWS\capture.ini
[2011/09/02 16:28:39 | 000,000,603 | ---- | C] () -- C:\WINDOWS\mapping.ini
[2011/09/02 16:23:20 | 000,000,579 | ---- | C] () -- C:\WINDOWS\addrbook.ini
[2011/09/02 16:22:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\uninst.exe
[2011/09/02 16:22:11 | 000,000,102 | ---- | C] () -- C:\WINDOWS\dvr2.ini
[2011/06/01 11:57:24 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\RmUserCfg.ini
[2011/06/01 11:57:24 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\IpAndPort.fig
[2011/06/01 11:45:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/31 08:03:57 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/31 08:03:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/26 15:50:27 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/05 21:33:34 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\HiDvrOcxCHT.dll
[2011/03/05 21:33:34 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\HiDvrOcxCHS.dll
[2011/01/18 17:34:05 | 000,035,600 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/28 00:27:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AVCDecoder.dll
[2010/12/18 22:34:04 | 007,276,032 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2010/12/18 22:34:04 | 000,742,220 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/12/18 22:34:04 | 000,666,624 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
[2010/12/18 22:34:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\avutil.dll
[2010/09/07 18:46:42 | 004,497,993 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/09/07 18:46:42 | 000,142,291 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/01/06 17:11:19 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\Transware.ini
[2009/12/31 10:24:21 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/12/31 10:24:20 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/10/08 08:40:41 | 000,057,139 | ---- | C] () -- C:\Documents and Settings\Kwong\Application Data\NMM-MetaData.db
[2009/09/15 12:53:59 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Kwong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/07 12:29:19 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/09/04 13:53:46 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Kwong.ini
[2009/06/20 15:48:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2009/04/29 11:06:19 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\UDLL.dll
[2009/04/29 11:06:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mctudll.dll
[2008/10/04 09:19:08 | 000,000,162 | ---- | C] () -- C:\WINDOWS\msffile.ini
[2008/09/26 15:50:59 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2008/08/19 14:43:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\ccard100.ini
[2008/05/17 09:35:00 | 000,001,056 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/17 09:35:00 | 000,000,103 | ---- | C] () -- C:\WINDOWS\odbcisam.ini
[2008/05/17 09:34:59 | 000,000,920 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/05/17 09:34:51 | 000,001,017 | ---- | C] () -- C:\WINDOWS\WINWORD6.INI
[2008/05/17 09:34:46 | 000,001,897 | ---- | C] () -- C:\WINDOWS\ARTGALRY.INI
[2008/05/17 09:34:39 | 000,000,124 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2008/05/17 09:34:37 | 000,002,124 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2008/05/17 09:34:36 | 000,001,607 | ---- | C] () -- C:\WINDOWS\EXCEL5.INI
[2008/05/17 09:34:20 | 000,000,535 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[2008/05/17 09:34:15 | 000,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[2008/05/17 09:34:07 | 000,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI
[2008/03/26 11:50:06 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/02/25 15:30:21 | 000,196,696 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2008/02/25 15:30:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2008/02/25 15:30:21 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\Uin0xMsg.dat
[2008/02/25 15:30:20 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\uin0x.dll
[2008/02/25 15:30:10 | 000,000,395 | ---- | C] () -- C:\WINDOWS\System32\SCN2PM.DAT
[2007/11/26 11:00:32 | 000,000,055 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/11/26 11:00:32 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/11/26 10:47:31 | 000,001,175 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/11/26 10:47:31 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/11/26 10:47:31 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/11/26 10:47:31 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat
[2007/11/26 10:47:31 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/11/26 10:47:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/11/26 10:46:55 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/11/26 10:46:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/11/23 15:40:56 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2007/05/17 08:53:14 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/05/17 08:53:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/03/19 08:01:49 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/13 17:28:00 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\IN0ELMON.dat
[2006/11/13 17:21:52 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\IN0FLMON.dat
[2006/06/12 08:35:42 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/30 13:58:58 | 000,000,524 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/03/16 17:54:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/02/01 17:47:34 | 000,000,054 | ---- | C] () -- C:\WINDOWS\FSC.INI
[2005/12/31 10:42:21 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/12/31 10:42:02 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005/12/31 10:41:16 | 000,000,687 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2005/11/09 14:40:30 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/10/12 10:21:54 | 000,000,667 | ---- | C] () -- C:\WINDOWS\LIFW.INI
[2005/10/12 10:21:54 | 000,000,147 | ---- | C] () -- C:\WINDOWS\TOM.INI
[2005/09/29 08:15:32 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/29 08:15:32 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A5DA682811.sys
[2005/09/15 20:22:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/15 20:17:19 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/15 20:14:58 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/09/15 19:52:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/09/15 19:52:40 | 000,081,342 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/09/15 19:52:18 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 14:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 14:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 14:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 14:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 14:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 14:07:24 | 000,004,806 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 14:06:43 | 000,184,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 14:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 14:00:28 | 000,442,894 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 14:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 14:00:28 | 000,072,160 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 14:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 14:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 14:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 14:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 14:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 14:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 14:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 14:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 19:59:54 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/11/21 17:03:20 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1997/09/30 13:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

========== LOP Check ==========

[2011/05/10 08:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/02/04 14:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cozi
[2008/05/09 12:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/11/10 13:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iCoolsoft Studio
[2009/10/08 08:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/10/08 08:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/12/06 16:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/07/21 12:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2010/01/07 10:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transamerica
[2009/07/23 13:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/10 13:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/08 21:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/15 08:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\DVDVideoSoftIEHelpers
[2011/08/16 10:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\GARMIN
[2010/03/04 09:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\HotSync
[2009/08/12 14:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\Leadertech
[2009/10/16 14:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\Nokia
[2009/09/06 15:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\Oce
[2009/10/08 08:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\PC Suite
[2010/01/29 16:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\pdf995
[2011/08/30 09:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\Schmap
[2009/07/24 12:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\ThumbsPlus
[2009/09/18 09:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kwong\Application Data\webex
[2011/12/23 09:13:13 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/01/19 10:45:58 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/10/06 09:37:41 | 000,000,199 | ---- | M] ()(C:\Documents and Settings\Kwong\Desktop\881903.com ???? - Hong Kong Toolbar ??.url) -- C:\Documents and Settings\Kwong\Desktop\881903.com 商業電台 - Hong Kong Toolbar 下載.url
[2011/09/16 08:23:36 | 000,000,199 | ---- | C] ()(C:\Documents and Settings\Kwong\Desktop\881903.com ???? - Hong Kong Toolbar ??.url) -- C:\Documents and Settings\Kwong\Desktop\881903.com 商業電台 - Hong Kong Toolbar 下載.url

< End of report >


OTL Extras logfile created on: 1/19/2012 1:27:52 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Kwong\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 4.02 Mb Available Physical Memory | 0.39% Memory free
2.40 Gb Paging File | 0.98 Gb Available in Paging File | 40.93% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.84 Gb Total Space | 101.97 Gb Free Space | 69.92% Space Free | Partition Type: NTFS
Drive H: | 14.92 Gb Total Space | 5.18 Gb Free Space | 34.72% Space Free | Partition Type: FAT32

Computer Name: KWONGSCOMPUTER | User Name: Kwong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\spool\drivers\w32x86\3\IN0XNJR.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\IN0XNJR.exe:*:Enabled:PC-Fax Notify Job Results -- (SHARP CORPORATION)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{245B4BB9-D643-4A87-968D-6C856FF1706A}" = VChannelClient
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 25
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{83E56086-8859-4C08-8D2E-CDF1E8C1B1E4}" = WinFSC First American California Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1CEAB5E-23FE-4D62-96D7-AE2744367FD7}" = Cozi
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DC1B32F7-D001-4C1F-BBA1-87B31BEEC0BC}" = SEE2 Xpress / TRI-UV50 8.1.5.1013.1146
"{DF930075-1C01-45CA-B023-993BF4118096}" = Microsoft Office Live Meeting 2005
"{E434580A-2D4A-4433-A81E-4BCAE86AD148}" = palmOne
"{E4375AC9-EDE1-4943-A0E3-801CEB7041DF}" = Dell Support 3.2.1
"{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}" = Microsoft Office Live Meeting 2007
"{ECE80888-45E5-46FD-8E0C-FEF3648847BB}" = Sibelius Scorch (all browsers)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVIGenerator" = AVIGenerator 1.8.0.0
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows Driver Package - Nokia Modem (02/24/2009 4.0)
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.2
"NetExchangePro 3.0" = NetExchangePro 3.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Oce cm2510 4010 Series PC-Fax Driver" = Oce cm2510/4010 Series PC-Fax Driver
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11
"Puran Defrag_is1" = Puran Defrag 7.3
"RealPlayer 6.0" = RealPlayer Basic
"Recuva" = Recuva
"ReNamer_is1" = ReNamer
"Revo Uninstaller" = Revo Uninstaller 1.92
"ScrewDrivers Client v4" = ScrewDrivers Client v4
"Signature995" = Signature995
"SyncBack_is1" = SyncBack
"ThumbsPlus7" = ThumbsPlus version 7 SP2
"TibetSystem - Uninstall EyeMax DVR Client" = Uninstall EyeMax DVR Client
"TibetSystem - Uninstall Web Viewer" = Uninstall Web Viewer
"Uninstall_is1" = Uninstall 1.0.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.0.0.799

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/19/2011 6:03:34 PM | Computer Name = KWONGSCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application googleearth.exe, version 6.1.0.5001, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/19/2011 6:13:44 PM | Computer Name = KWONGSCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application googleearth.exe, version 6.1.0.5001, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/21/2011 9:38:53 PM | Computer Name = KWONGSCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 10.4.1.10, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/21/2011 9:38:54 PM | Computer Name = KWONGSCOMPUTER | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/21/2011 9:38:55 PM | Computer Name = KWONGSCOMPUTER | Source = Bonjour Service | ID = 100
Description = 200: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/21/2011 9:38:55 PM | Computer Name = KWONGSCOMPUTER | Source = Bonjour Service | ID = 100
Description = 204: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/22/2011 1:22:27 PM | Computer Name = KWONGSCOMPUTER | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/29/2011 5:01:37 PM | Computer Name = KWONGSCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3523, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2011 5:01:37 PM | Computer Name = KWONGSCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3523, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/18/2012 9:05:20 PM | Computer Name = KWONGSCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application java.exe, version 6.0.250.6, faulting module
java.dll, version 6.0.250.6, fault address 0x00004e2f.

[ System Events ]
Error - 1/19/2012 5:07:26 PM | Computer Name = KWONGSCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/19/2012 5:10:45 PM | Computer Name = KWONGSCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/19/2012 5:15:31 PM | Computer Name = KWONGSCOMPUTER | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 1/19/2012 5:16:01 PM | Computer Name = KWONGSCOMPUTER | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 1/19/2012 5:16:32 PM | Computer Name = KWONGSCOMPUTER | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 1/19/2012 5:17:02 PM | Computer Name = KWONGSCOMPUTER | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 1/19/2012 5:17:33 PM | Computer Name = KWONGSCOMPUTER | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 1/19/2012 5:18:03 PM | Computer Name = KWONGSCOMPUTER | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 1/19/2012 5:18:47 PM | Computer Name = KWONGSCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 1/19/2012 5:31:24 PM | Computer Name = KWONGSCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >

Edited by redleader74, 19 January 2012 - 03:47 PM.


#3
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right-hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if a topic is not replied to, we assume it has been abandoned and it is closed.