Windows XP hangs - programs open on start will run but no programs will



#16
Quint2724

This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Click Troubleshoot to start the troubleshooter for this device.

#17
godawgs

Back in post #6, under Step 4, I asked you to run the ESET online scan.
I don't see the log and you didn't indicate whether or not it found any threats. Would you please give me an update on that?
If you didn't uninstall the ESET program after running it, the log should be located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Use Notepad to open the log file.

NEXT:

Open the Device Manager again.
Click the + beside Non-Plug and Play Drivers
Right click on the driver that has the yellow exclamation point on it (MpKslaofe709f) and click Delete
If the Delete option is not present, click Uninstall


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know what happened on the ESET scan.

#18
Quint2724

OK - I uninstalled MpKslaofe709f.

After Post #6 - I stated: Here is the MalwareBytes log. Nothing was found on the ESET.

I went ahead and ran ESET online scan again. I was going to attach a print screen showing that nothing was found, but the PC was "stuck" again, and I could not open MS Paint to save the print screen. Because I had to reboot, ESET was not removed on close - as was directed the first time.

Here is the ESET Log:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=71586e0ad729c744b7f85ad2e39d418d
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-05 07:29:00
# local_time=2013-01-05 01:29:00 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 88 94 0 10106712 0 0
# scanned=104574
# found=0
# cleaned=0
# scan_time=6623

#19
godawgs

After Post #6 - I stated: Here is the MalwareBytes log. Nothing was found on the ESET.

So you did. I'm sorry, I missed that when recapping the topic.
I don't see any signs of malware remaining on the system.
Let's see if the hanging issue is heat related.

Download the free version of Speccy here (Look in the upper right for the Download Latest Version button)
  • Download the spsetup119.exe file and save it to the desktop.
  • Double click the setup file and install it.
  • Run Speccy.
  • When it finishes (the little icon in the bottom left will stop moving), click File, then Save as Text File (to your desktop), and note the name it gives.
  • Click OK.
Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

#20
Quint2724

OK - that didn't go well. But this may lead us to the real problem....?

I was able to download, install, open and run Speccy. It runs for about 10 to 15 seconds, and then I get the BSOD.

Same results three times in a row after rebooting.

Info posted:

Technical Information

*** STOP: 0x0000008E (0xc0000005, 0xF74AA710, 0xAA270744,0x00000000)
*** atapi.sys - Address F74AA71D base at F74A0000, DateStamp 4802539d


photo(3).JPG

#21
godawgs

Hi there,

0xC0000005: STATUS_ACCESS_VIOLATION indicates that a memory access violation occurred. This part of the blue screen error code indicates that you could have some bad memory.

The atapi.sys also indicates that a video driver could be the problem.

Step-1.

Let me know the manufacturer's name, make and model of the computer.


Step-2.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
/md5start
atapi.sys
/md5stop
C:\|Documents;false;false;false /FP


2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question
2. The OTL txt log
  • 0
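
The STOP text from post #20 can be taken apart field by field before any further scans are run. The following is an added example, not part of the original thread or of any tool used in it; `decode_stop` and the two small lookup tables are hypothetical helpers, and the tables cover only a few documented bug check and NTSTATUS values.

```python
import re
from datetime import datetime, timezone

# The two lines typed out in post #20, copied as posted.
STOP_TEXT = """\
*** STOP: 0x0000008E (0xc0000005, 0xF74AA710, 0xAA270744,0x00000000)
*** atapi.sys - Address F74AA71D base at F74A0000, DateStamp 4802539d
"""

# Small subset of documented bug check codes and NTSTATUS values (not exhaustive).
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
}
NTSTATUS_NAMES = {
    0x80000003: "STATUS_BREAKPOINT",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
}
# For these bug checks, parameter 1 is the exception code and
# parameter 2 is the address at which the exception occurred.
EXCEPTION_BUGCHECKS = {0x7E, 0x8E}

STOP_RE = re.compile(r"\*\*\*\s*STOP:\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)")
MODULE_RE = re.compile(
    r"\*\*\*\s*(\S+)\s*-\s*Address\s+([0-9A-Fa-f]+)\s+base at\s+([0-9A-Fa-f]+)"
    r",\s*DateStamp\s+([0-9A-Fa-f]+)"
)


def decode_stop(text):
    """Parse an XP-style blue screen 'Technical Information' block into a dict."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no STOP line found")
    code = int(stop.group(1), 16)
    # Parameters are comma separated; spacing is inconsistent when typed by hand.
    params = [int(p.strip(), 16) for p in stop.group(2).split(",") if p.strip()]
    result = {
        "bugcheck": code,
        "bugcheck_name": BUGCHECK_NAMES.get(code, "unknown"),
        "params": params,
    }
    if code in EXCEPTION_BUGCHECKS and len(params) >= 2:
        result["exception"] = NTSTATUS_NAMES.get(params[0], hex(params[0]))
        result["exception_address"] = params[1]

    mod = MODULE_RE.search(text)
    if mod is None:
        return result  # the driver line is optional on a blue screen
    address, base, stamp = (int(mod.group(i), 16) for i in (2, 3, 4))
    if address < base:
        raise ValueError("module address lies below its base")
    module = {
        "name": mod.group(1),
        "offset": address - base,  # position of the fault inside the image
        # DateStamp is the image's PE header time stamp (seconds since 1970, UTC).
        "link_time_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
    }
    if "exception_address" in result:
        # Both values should name the same instruction; a difference is worth
        # re-checking against the screen photo before drawing conclusions.
        module["param2_offset"] = result["exception_address"] - base
        module["address_matches_param2"] = result["exception_address"] == address
    result["module"] = module
    return result


if __name__ == "__main__":
    info = decode_stop(STOP_TEXT)
    print(info["bugcheck_name"], info.get("exception"))
    for key, value in info["module"].items():
        print(f"  {key}: {hex(value) if isinstance(value, int) and not isinstance(value, bool) else value}")
```

For the text as posted, the driver line and parameter 2 give different offsets into atapi.sys, so the transcription is worth checking against the photo. The module name, offset and DateStamp are the values to compare with a known-good copy of the driver.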

#22
Quint2724

Dell Inspiron E1405 MXC061
Intel® CPU T2050 @ 1.60 Ghz
0.99 GB of RAM


========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <atapi.sys> in the current context!
Error: Unable to interpret </md5stop> in the current context!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 01062013_133218

#23
godawgs

Yep, that was my bad. Hold on, and I'll post the correct instructions.

#24
godawgs

Step-2.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
/md5start
atapi.sys
/md5stop
%systemdrive%|Documents;false;false;false /FP


2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Now post the OTL.txt log

#25
Quint2724

OTL logfile created on: 1/6/2013 2:27:16 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Sherman\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 391.42 Mb Available Physical Memory | 38.59% Memory free
2.38 Gb Paging File | 1.89 Gb Available in Paging File | 79.36% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.06 Gb Total Space | 20.52 Gb Free Space | 23.57% Space Free | Partition Type: NTFS

Computer Name: D4065BB1 | User Name: Sherman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/21 17:19:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sherman\Desktop\OTL.exe
PRC - [2012/12/08 16:56:52 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/08 18:08:08 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/01/27 16:54:31 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 16:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/03/24 15:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/05 02:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2003/09/10 01:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
PRC - [2003/07/25 08:14:02 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2001/07/23 15:38:40 | 000,315,392 | ---- | M] () -- C:\WINDOWS\twain_32\ScanWiz5\SDII.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/15 19:19:34 | 014,586,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/12/08 16:56:51 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/08 18:08:08 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/04/14 05:42:06 | 000,270,848 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/14 05:42:04 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/25 16:25:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/04/25 10:55:40 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/12/11 15:12:04 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2005/10/05 02:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2003/09/10 01:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
MOD - [2001/07/23 15:38:40 | 000,315,392 | ---- | M] () -- C:\WINDOWS\twain_32\ScanWiz5\SDII.exe


========== Services (SafeList) ==========

SRV - [2012/12/15 19:19:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/08 16:56:51 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/05/05 16:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2003/05/14 06:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2242402D-DB76-45B9-9657-09DE939A0C56}\MpKsld1812735.sys -- (MpKsld1812735)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Sherman\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2007/08/08 08:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/22 11:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 11:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/03/24 15:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/04 08:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/08/04 19:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 02:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 01:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 03:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [1996/07/12 19:31:10 | 000,014,528 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\..\SearchScopes,DefaultScope = {F7C76515-A05E-4ACB-8402-A756D0C0BC3C}
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\..\SearchScopes\{F7C76515-A05E-4ACB-8402-A756D0C0BC3C}: "URL" = http://www.google.co...f8&oe=utf8&rlz=
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/08 16:56:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/08 16:56:40 | 000,000,000 | ---D | M]

[2008/08/31 12:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Extensions
[2012/12/14 20:27:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\n63d4r8v.default\extensions
[2010/06/04 08:58:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\n63d4r8v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/04 09:33:48 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\n63d4r8v.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2012/12/08 16:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/08 16:56:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/02 11:08:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/21 18:37:11 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Funmoods ()
CHR - default_search_provider: search_url = http://searchfunmood...yE&cr=402383642
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://searchfunmood...yE&cr=402383642
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\pdf.dll
CHR - plugin: eRoom (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npeRoom7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Sherman\Application Data\Move Networks\plugins\npqmp071705000014.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Sherman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2008/12/31 00:40:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode File not found
O4 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File not found
O4 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005..\Run: [Spotify Web Helper] C:\Documents and Settings\Sherman\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe ()
O4 - Startup: C:\Documents and Settings\Sherman\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\..Trusted Domains: jocogov.org ([ims] http in Trusted sites)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://alternatiff.c.../00/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1356149689358 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1356828594718 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A015505-9548-45E9-ABBD-F872CD4F99D1}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sherman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sherman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/05 15:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/01/05 15:48:06 | 004,778,720 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Sherman\Desktop\spsetup119.exe
[2013/01/05 09:18:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/02 23:10:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/01/02 22:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\My Documents\My Downloads
[2013/01/01 11:55:44 | 000,697,911 | ---- | C] (Farbar) -- C:\Documents and Settings\Sherman\Desktop\FSS.exe
[2012/12/30 20:45:17 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/12/30 20:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/12/29 18:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\Application Data\ElevatedDiagnostics
[2012/12/29 18:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/12/29 18:37:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/12/29 17:29:21 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2012/12/29 17:29:21 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2012/12/29 17:29:16 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2012/12/29 17:29:16 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2012/12/29 17:29:15 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2012/12/29 17:28:59 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2012/12/29 17:25:39 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2012/12/29 17:14:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/12/28 21:36:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/27 22:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\Desktop\RK_Quarantine
[2012/12/27 21:54:34 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Sherman\Desktop\iexplore.exe
[2012/12/21 17:19:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sherman\Desktop\OTL.exe
[2012/12/08 16:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Sherman\My Documents\*.tmp files -> C:\Documents and Settings\Sherman\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/06 14:33:23 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/01/06 14:33:14 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/01/06 14:24:03 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/06 14:23:30 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/06 14:23:29 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Sherman.job
[2013/01/06 14:23:27 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3089392352-1124448085-2515576934-1005.job
[2013/01/06 14:23:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/06 14:23:10 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/06 13:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/06 13:11:00 | 1063,743,488 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/01/05 17:24:49 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2013/01/05 16:40:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/05 16:24:03 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Sherman.job
[2013/01/05 16:12:14 | 000,239,977 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\photo(3).JPG
[2013/01/05 15:53:17 | 004,778,720 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sherman\Desktop\spsetup119.exe
[2013/01/05 15:40:41 | 056,819,712 | ---- | M] () -- C:\Documents and Settings\Sherman\My Documents\QDATA.MNY
[2013/01/05 15:40:33 | 012,322,422 | R--- | M] () -- C:\Documents and Settings\Sherman\My Documents\QDATA Backup.mbf
[2013/01/05 14:28:05 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Sherman.job
[2013/01/05 14:02:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/03 16:47:50 | 000,179,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/02 23:23:05 | 000,087,363 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\Device_Mgr.JPG
[2013/01/02 23:14:23 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/01/01 22:56:48 | 000,007,182 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\PrimoPDFSet.xml
[2013/01/01 12:12:41 | 000,163,140 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\XP_Update3.JPG
[2013/01/01 12:00:35 | 000,697,911 | ---- | M] (Farbar) -- C:\Documents and Settings\Sherman\Desktop\FSS.exe
[2012/12/31 21:15:49 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\Spider Solitaire.lnk
[2012/12/31 21:02:54 | 000,153,043 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\XP_Update2.JPG
[2012/12/31 21:01:50 | 000,137,420 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\XP_Update1.JPG
[2012/12/31 20:57:44 | 000,145,578 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\System.JPG
[2012/12/30 20:38:26 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/12/29 22:41:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/29 22:28:25 | 000,002,794 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\fullregbackup.reg
[2012/12/29 18:37:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/29 18:08:17 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/12/27 22:38:55 | 000,758,784 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\RogueKiller(1).exe
[2012/12/27 21:55:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Sherman\Desktop\iexplore.exe
[2012/12/21 17:19:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sherman\Desktop\OTL.exe
[2012/12/15 19:19:34 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/15 19:19:34 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Sherman\My Documents\*.tmp files -> C:\Documents and Settings\Sherman\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/05 16:12:10 | 000,239,977 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\photo(3).JPG
[2013/01/05 15:55:54 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2013/01/02 23:23:05 | 000,087,363 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\Device_Mgr.JPG
[2013/01/01 12:10:48 | 000,163,140 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\XP_Update3.JPG
[2012/12/31 21:02:54 | 000,153,043 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\XP_Update2.JPG
[2012/12/31 21:01:50 | 000,137,420 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\XP_Update1.JPG
[2012/12/31 20:57:43 | 000,145,578 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\System.JPG
[2012/12/30 20:48:14 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/12/30 20:48:14 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/12/30 20:38:26 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/12/30 20:38:16 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/12/29 22:28:25 | 000,002,794 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\fullregbackup.reg
[2012/12/29 17:29:19 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2012/12/29 17:29:19 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2012/12/29 17:29:19 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2012/12/29 17:29:19 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2012/12/29 17:29:18 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2012/12/29 17:29:18 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2012/12/29 17:29:18 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2012/12/29 17:29:18 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2012/12/29 17:29:18 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2012/12/29 17:29:18 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2012/12/29 17:29:18 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2012/12/29 17:29:18 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2012/12/29 17:29:18 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2012/12/29 17:29:18 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2012/12/29 17:29:18 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2012/12/29 17:29:18 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2012/12/29 17:29:18 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2012/12/29 17:29:17 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2012/12/29 17:29:17 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2012/12/29 17:29:17 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2012/12/29 17:29:17 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2012/12/29 17:29:17 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2012/12/29 17:29:17 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2012/12/29 17:29:17 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2012/12/29 17:29:17 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2012/12/29 17:29:17 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2012/12/29 17:29:17 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2012/12/29 17:29:17 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2012/12/29 17:29:17 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2012/12/29 17:29:17 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2012/12/29 17:29:17 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2012/12/29 17:29:17 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2012/12/29 17:29:17 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2012/12/29 17:29:17 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2012/12/29 17:29:17 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2012/12/29 17:29:17 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2012/12/29 17:29:17 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2012/12/29 17:29:17 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2012/12/29 17:29:17 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2012/12/29 17:29:17 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2012/12/29 17:29:17 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2012/12/29 17:29:17 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2012/12/29 17:29:16 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2012/12/29 17:29:16 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2012/12/29 17:29:16 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2012/12/29 17:29:16 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2012/12/29 17:29:16 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2012/12/29 17:29:16 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2012/12/29 17:29:16 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2012/12/29 17:29:16 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2012/12/29 17:29:16 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2012/12/29 17:29:16 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2012/12/29 17:29:16 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2012/12/29 17:29:16 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2012/12/29 17:29:16 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2012/12/29 17:29:16 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2012/12/29 17:29:16 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2012/12/29 17:29:16 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2012/12/29 17:29:16 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2012/12/29 17:29:16 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2012/12/29 17:29:16 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2012/12/29 17:29:16 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2012/12/29 17:29:16 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2012/12/29 17:29:16 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2012/12/29 17:29:16 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2012/12/29 17:29:16 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2012/12/29 17:29:16 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2012/12/29 17:29:15 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2012/12/29 17:29:15 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2012/12/29 17:29:15 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2012/12/29 17:29:15 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2012/12/29 17:29:15 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2012/12/29 17:29:15 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2012/12/29 17:29:15 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2012/12/29 17:29:15 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2012/12/29 17:29:15 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2012/12/29 17:29:15 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2012/12/29 17:29:15 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2012/12/29 17:29:15 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2012/12/29 17:29:15 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2012/12/27 22:38:58 | 000,758,784 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\RogueKiller(1).exe
[2012/12/24 23:42:03 | 1063,743,488 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2012/12/21 16:20:08 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Sherman.job
[2012/12/21 16:20:03 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Sherman.job
[2012/12/21 16:20:02 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Sherman.job
[2012/02/16 08:50:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/08 13:44:43 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\fusioncache.dat
[2011/03/08 13:31:32 | 000,240,640 | ---- | C] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/28 18:05:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/19 09:21:51 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Sherman\Application Data\$_hpcst$.hpc
[2009/04/19 17:36:14 | 000,000,418 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2008/12/30 22:11:29 | 000,007,182 | ---- | C] () -- C:\Documents and Settings\Sherman\Application Data\PrimoPDFSet.xml
[2007/05/20 11:06:32 | 000,001,395 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/01 22:28:50 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/07/22 13:41:26 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Sherman\Application Data\dvd.bmk
[2006/07/22 12:53:14 | 004,456,448 | -H-- | C] () -- C:\Documents and Settings\Sherman\NTUSER.bak

========== ZeroAccess Check ==========

[2005/08/16 03:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 05:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >
[2004/08/10 04:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 04:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< %systemdrive%|Documents;false;false;false /FP >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#26
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Quint,

I need the Dell Service Tag number. You can find out how to locate it here. Go to Issue 3: Locating the Service Tag on a Notebook Computer and see Figure 3.

OTL Custom Scan

NOTE: I have changed the settings.

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

dir C:\ /c


2. Re-open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the greyed out NONE button at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The Service Tag number
2. The OTL.txt log

#27
Quint2724

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
OTL logfile created on: 1/6/2013 9:10:16 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Sherman\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 335.79 Mb Available Physical Memory | 33.10% Memory free
2.38 Gb Paging File | 1.84 Gb Available in Paging File | 77.08% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.06 Gb Total Space | 20.49 Gb Free Space | 23.54% Space Free | Partition Type: NTFS

Computer Name: D4065BB1 | User Name: Sherman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/21 17:19:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sherman\Desktop\OTL.exe
PRC - [2012/12/08 16:56:52 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/08 18:08:08 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/01/27 16:54:31 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 16:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/03/24 15:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/05 02:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2003/09/10 01:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
PRC - [2003/07/25 08:14:02 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2001/07/23 15:38:40 | 000,315,392 | ---- | M] () -- C:\WINDOWS\twain_32\ScanWiz5\SDII.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/15 19:19:34 | 014,586,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/12/08 16:56:51 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/08 18:08:08 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/04/14 05:42:06 | 000,270,848 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/14 05:42:04 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/25 16:25:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/04/25 10:55:40 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2006/12/11 15:12:04 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2005/10/05 02:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2003/09/10 01:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
MOD - [2001/07/23 15:38:40 | 000,315,392 | ---- | M] () -- C:\WINDOWS\twain_32\ScanWiz5\SDII.exe


========== Services (SafeList) ==========

SRV - [2012/12/15 19:19:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/08 16:56:51 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/05/05 16:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2003/05/14 06:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2242402D-DB76-45B9-9657-09DE939A0C56}\MpKsld1812735.sys -- (MpKsld1812735)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Sherman\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2007/08/08 08:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/22 11:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 11:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/03/24 15:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/04 08:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/08/04 19:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 02:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 01:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 03:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [1996/07/12 19:31:10 | 000,014,528 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\..\SearchScopes,DefaultScope = {F7C76515-A05E-4ACB-8402-A756D0C0BC3C}
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\..\SearchScopes\{F7C76515-A05E-4ACB-8402-A756D0C0BC3C}: "URL" = http://www.google.co...f8&oe=utf8&rlz=
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/08 16:56:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/08 16:56:40 | 000,000,000 | ---D | M]

[2008/08/31 12:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Extensions
[2012/12/14 20:27:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\n63d4r8v.default\extensions
[2010/06/04 08:58:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\n63d4r8v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/04 09:33:48 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\n63d4r8v.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2012/12/08 16:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/08 16:56:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/02 11:08:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/21 18:37:11 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Funmoods ()
CHR - default_search_provider: search_url = http://searchfunmood...yE&cr=402383642
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://searchfunmood...yE&cr=402383642
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\pdf.dll
CHR - plugin: eRoom (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npeRoom7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Sherman\Application Data\Move Networks\plugins\npqmp071705000014.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Sherman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2008/12/31 00:40:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode File not found
O4 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File not found
O4 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005..\Run: [Spotify Web Helper] C:\Documents and Settings\Sherman\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe ()
O4 - Startup: C:\Documents and Settings\Sherman\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3089392352-1124448085-2515576934-1005\..Trusted Domains: jocogov.org ([ims] http in Trusted sites)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://alternatiff.c.../00/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1356149689358 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1356828594718 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A015505-9548-45E9-ABBD-F872CD4F99D1}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sherman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sherman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/05 15:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/01/05 15:48:06 | 004,778,720 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Sherman\Desktop\spsetup119.exe
[2013/01/05 09:18:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/02 23:10:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/01/02 22:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\My Documents\My Downloads
[2013/01/01 11:55:44 | 000,697,911 | ---- | C] (Farbar) -- C:\Documents and Settings\Sherman\Desktop\FSS.exe
[2012/12/30 20:45:17 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/12/30 20:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/12/29 18:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\Application Data\ElevatedDiagnostics
[2012/12/29 18:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/12/29 18:37:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/12/29 17:29:21 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2012/12/29 17:29:21 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2012/12/29 17:29:16 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2012/12/29 17:29:16 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2012/12/29 17:29:15 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2012/12/29 17:28:59 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2012/12/29 17:25:39 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2012/12/29 17:14:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/12/28 21:36:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/27 22:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\Desktop\RK_Quarantine
[2012/12/27 21:54:34 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Sherman\Desktop\iexplore.exe
[2012/12/21 17:19:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sherman\Desktop\OTL.exe
[2012/12/08 16:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Sherman\My Documents\*.tmp files -> C:\Documents and Settings\Sherman\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/06 21:14:21 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/01/06 21:14:12 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/01/06 21:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/06 21:08:18 | 000,187,863 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\photo(4).JPG
[2013/01/06 21:04:51 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/06 21:04:24 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/06 21:04:23 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Sherman.job
[2013/01/06 21:04:18 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3089392352-1124448085-2515576934-1005.job
[2013/01/06 21:04:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/06 21:04:09 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/06 13:11:00 | 1063,743,488 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/01/05 17:24:49 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2013/01/05 16:40:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/05 16:24:03 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Sherman.job
[2013/01/05 16:12:14 | 000,239,977 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\photo(3).JPG
[2013/01/05 15:53:17 | 004,778,720 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sherman\Desktop\spsetup119.exe
[2013/01/05 15:40:41 | 056,819,712 | ---- | M] () -- C:\Documents and Settings\Sherman\My Documents\QDATA.MNY
[2013/01/05 15:40:33 | 012,322,422 | R--- | M] () -- C:\Documents and Settings\Sherman\My Documents\QDATA Backup.mbf
[2013/01/05 14:28:05 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Sherman.job
[2013/01/05 14:02:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/03 16:47:50 | 000,179,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/02 23:23:05 | 000,087,363 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\Device_Mgr.JPG
[2013/01/02 23:14:23 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/01/01 22:56:48 | 000,007,182 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\PrimoPDFSet.xml
[2013/01/01 12:12:41 | 000,163,140 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\XP_Update3.JPG
[2013/01/01 12:00:35 | 000,697,911 | ---- | M] (Farbar) -- C:\Documents and Settings\Sherman\Desktop\FSS.exe
[2012/12/31 21:15:49 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\Spider Solitaire.lnk
[2012/12/31 21:02:54 | 000,153,043 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\XP_Update2.JPG
[2012/12/31 21:01:50 | 000,137,420 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\XP_Update1.JPG
[2012/12/31 20:57:44 | 000,145,578 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\System.JPG
[2012/12/30 20:38:26 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/12/29 22:41:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/29 22:28:25 | 000,002,794 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\fullregbackup.reg
[2012/12/29 18:37:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/29 18:08:17 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/12/27 22:38:55 | 000,758,784 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\RogueKiller(1).exe
[2012/12/27 21:55:30 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Sherman\Desktop\iexplore.exe
[2012/12/21 17:19:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sherman\Desktop\OTL.exe
[2012/12/15 19:19:34 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/15 19:19:34 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Sherman\My Documents\*.tmp files -> C:\Documents and Settings\Sherman\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/06 21:08:17 | 000,187,863 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\photo(4).JPG
[2013/01/05 16:12:10 | 000,239,977 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\photo(3).JPG
[2013/01/05 15:55:54 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2013/01/02 23:23:05 | 000,087,363 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\Device_Mgr.JPG
[2013/01/01 12:10:48 | 000,163,140 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\XP_Update3.JPG
[2012/12/31 21:02:54 | 000,153,043 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\XP_Update2.JPG
[2012/12/31 21:01:50 | 000,137,420 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\XP_Update1.JPG
[2012/12/31 20:57:43 | 000,145,578 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\System.JPG
[2012/12/30 20:48:14 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/12/30 20:48:14 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/12/30 20:38:26 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/12/30 20:38:16 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/12/29 22:28:25 | 000,002,794 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\fullregbackup.reg
[2012/12/29 17:29:19 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2012/12/29 17:29:19 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2012/12/29 17:29:19 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2012/12/29 17:29:19 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2012/12/29 17:29:18 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2012/12/29 17:29:18 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2012/12/29 17:29:18 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2012/12/29 17:29:18 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2012/12/29 17:29:18 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2012/12/29 17:29:18 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2012/12/29 17:29:18 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2012/12/29 17:29:18 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2012/12/29 17:29:18 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2012/12/29 17:29:18 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2012/12/29 17:29:18 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2012/12/29 17:29:18 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2012/12/29 17:29:18 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2012/12/29 17:29:17 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2012/12/29 17:29:17 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2012/12/29 17:29:17 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2012/12/29 17:29:17 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2012/12/29 17:29:17 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2012/12/29 17:29:17 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2012/12/29 17:29:17 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2012/12/29 17:29:17 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2012/12/29 17:29:17 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2012/12/29 17:29:17 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2012/12/29 17:29:17 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2012/12/29 17:29:17 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2012/12/29 17:29:17 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2012/12/29 17:29:17 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2012/12/29 17:29:17 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2012/12/29 17:29:17 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2012/12/29 17:29:17 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2012/12/29 17:29:17 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2012/12/29 17:29:17 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2012/12/29 17:29:17 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2012/12/29 17:29:17 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2012/12/29 17:29:17 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2012/12/29 17:29:17 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2012/12/29 17:29:17 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2012/12/29 17:29:17 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2012/12/29 17:29:16 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2012/12/29 17:29:16 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2012/12/29 17:29:16 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2012/12/29 17:29:16 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2012/12/29 17:29:16 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2012/12/29 17:29:16 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2012/12/29 17:29:16 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2012/12/29 17:29:16 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2012/12/29 17:29:16 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2012/12/29 17:29:16 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2012/12/29 17:29:16 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2012/12/29 17:29:16 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2012/12/29 17:29:16 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2012/12/29 17:29:16 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2012/12/29 17:29:16 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2012/12/29 17:29:16 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2012/12/29 17:29:16 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2012/12/29 17:29:16 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2012/12/29 17:29:16 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2012/12/29 17:29:16 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2012/12/29 17:29:16 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2012/12/29 17:29:16 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2012/12/29 17:29:16 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2012/12/29 17:29:16 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2012/12/29 17:29:16 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2012/12/29 17:29:15 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2012/12/29 17:29:15 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2012/12/29 17:29:15 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2012/12/29 17:29:15 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2012/12/29 17:29:15 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2012/12/29 17:29:15 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2012/12/29 17:29:15 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2012/12/29 17:29:15 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2012/12/29 17:29:15 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2012/12/29 17:29:15 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2012/12/29 17:29:15 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2012/12/29 17:29:15 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2012/12/29 17:29:15 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2012/12/27 22:38:58 | 000,758,784 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\RogueKiller(1).exe
[2012/12/24 23:42:03 | 1063,743,488 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2012/12/21 16:20:08 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Sherman.job
[2012/12/21 16:20:03 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Sherman.job
[2012/12/21 16:20:02 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Sherman.job
[2012/02/16 08:50:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/08 13:44:43 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\fusioncache.dat
[2011/03/08 13:31:32 | 000,240,640 | ---- | C] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/28 18:05:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/19 09:21:51 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Sherman\Application Data\$_hpcst$.hpc
[2009/04/19 17:36:14 | 000,000,418 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2008/12/30 22:11:29 | 000,007,182 | ---- | C] () -- C:\Documents and Settings\Sherman\Application Data\PrimoPDFSet.xml
[2007/05/20 11:06:32 | 000,001,395 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/01 22:28:50 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/07/22 13:41:26 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Sherman\Application Data\dvd.bmk
[2006/07/22 12:53:14 | 004,456,448 | -H-- | C] () -- C:\Documents and Settings\Sherman\NTUSER.bak

========== ZeroAccess Check ==========

[2005/08/16 03:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 05:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< dir C:\ /c >
Volume in drive C has no label.
Volume Serial Number is 30B7-0D84
Directory of C:\
08/21/2009 10:14 PM <DIR> 1a289a93b2edfbb193ec82
11/14/2006 11:08 PM <DIR> 6d261e59818c7d8ebdae655e466b
10/11/2007 07:57 PM <DIR> audiograbber
08/16/2005 03:43 AM 0 AUTOEXEC.BAT
11/27/2012 06:41 AM <DIR> Avenger
12/01/2011 04:41 PM 38,696 AVGARDN.TTF
10/11/2007 08:07 PM <DIR> CBLIGHT
08/03/2004 11:00 PM 260,272 cmldr
12/27/2012 10:31 PM 10 COMMANDS.TXT
08/16/2005 03:43 AM 0 CONFIG.SYS
12/28/2006 12:52 AM <DIR> DECCHECK
01/04/2009 11:25 PM <DIR> dell
12/27/2012 10:32 PM 171 DISKREPORT.TXT
12/20/2007 12:55 AM <DIR> Documents and Settings
11/26/2012 10:48 PM <DIR> drivers
06/19/2012 07:25 PM 182 drwtsn32.log
07/29/2006 10:30 AM <DIR> Garmin
03/09/2007 05:44 PM 8 GetFlashID.txt
10/11/2007 04:53 PM 11,273 hpcmerr.log
07/29/2006 10:13 AM <DIR> i386
11/26/2012 10:48 PM 4,128 INFCACHE.1
12/20/2007 12:34 AM 164 install.dat
01/14/2010 09:17 PM <DIR> Kpcms
08/01/2010 06:11 PM 109 mbam-error.txt
01/14/2010 09:17 PM <DIR> Microtek
07/10/2006 07:28 PM <DIR> My Music
11/11/2008 04:48 PM 1,145 net_save.dna
07/29/2006 10:30 AM 169 PC_Basemap.log
01/05/2013 03:55 PM <DIR> Program Files
07/10/2006 07:29 PM 71 SystemInfo.ini
01/21/2008 06:54 PM 49 tmp.bat
12/02/2006 08:49 PM 63,080 VETlog.dmp
12/02/2006 08:49 PM 2,047 VETlog.txt
01/06/2013 09:04 PM <DIR> WINDOWS
12/28/2012 09:36 PM <DIR> _OTL
18 File(s) 381,574 bytes
17 Dir(s) 22,003,978,240 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Edited by Quint2724, 07 January 2013 - 10:34 AM.
to remove Windows activation code

  • 0

#28
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Quint,

Unfortunately that was not the Service Tag. That is your Windows activation code and we would rather not have it viewable on the board. I deleted the information at the top of the post, but I can't delete the attachment.
At the top of the page, please click Settings. Then in the left column, click Manage Attachments. The attachments will show in the right pane.
Find the attachment for the screen shot of the activation code you just posted and click the box to the right of it. Then scroll down to the bottom of the page and click Delete Selected.

Go back to the Dell page
Under Issue 3, look to the far left of the Windows tag (the one you sent a shot of) and you should see a skinny rectangular tag that says Service Tag and Express Service Code. The Service Tag number is what we are looking for. It should be 7 characters long.

In the meantime:

The Funmoods entries are still showing in the Chrome browser. We are gonna run a tool to clean all browsers. Then we are gonna run a fix for the Windows Update problem.


Step-1.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • XP users, double click the adwcleaner.exe file to run AdwCleaner.

  • Click the Delete button and wait for the scan.
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this

  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner[S1].txt

Step-2.

Dial A Fix

Go to the Dial A Fix page here: http://wiki.lunarsof...wiki/Dial-a-fix
  • Scroll about half way down the page to the Download Dial-a-fix section and download Dial-a-fix v0.60.0.24.zip to the desktop.
  • Right click the Dial-a-fix v0.60.0.24.zip folder and click Extract All from the context menu. Extract it to the C:\ folder.
  • Navigate to the C:\DialAFix folder and double click on the Dial-a-fix.exe file to run it.
  • You will see a toolbar like the image below:

    Posted Image
  • Click on the green checkmarks and then click the Go button.
NOTE: Internet Explorer 8 and above is not supported by Dial-a-fix. If you have IE 8 installed (and you do) and run Dial-a-fix, you may receive many "Error 127" messages because Internet Explorer 8 replaces a lot of registrable components with non-registrable ones. This is OK - simply ignore all of the errors. Dial-a-fix is still able to do its thing on other files, and no damage has been done to your system during these error messages.

After running Dial-a-fix try the windows updates again.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The Service Tag number
2. Were you able to get the Windows updates?
3. The OTL.txt log
  • 0

#29
Quint2724

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Service Tag: 4865881
Express Service Code: 8717454973

After successfully running Dial-a-fix, Update Windows failed to install any updates. All 115 updates failed.



AdwCleaner Log:

# AdwCleaner v2.104 - Logfile created 01/07/2013 at 22:50:46
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Sherman - D4065BB1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Sherman\Local Settings\Temporary Internet Files\Content.IE5\5TTERV0Y\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\n63d4r8v.default\prefs.js

C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\n63d4r8v.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.funmoods.aflt", "nv1");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "D4E5C34E18261416BE98DE2394AD164A");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...]
Deleted : user_pref("extensions.funmoods.id", "001422AF07800D84");
Deleted : user_pref("extensions.funmoods.instlDay", "15670");
Deleted : user_pref("extensions.funmoods.instlRef", "nv1");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2221:15:14");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2221:15:14");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2221:15:14");

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5ha8rr7h.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Sherman\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.3] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L[...]
Deleted [l.23] : search_url = "hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2Xz[...]
Deleted [l.82] : homepage = "hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCyEtBtB0A0FtDy[...]

*************************

AdwCleaner[S1].txt - [5252 octets] - [07/01/2013 22:50:46]

########## EOF - C:\AdwCleaner[S1].txt - [5312 octets] ##########
  • 0

#30
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Quint,

Service Tag: 4865881
Express Service Code: 8717454973

Dell doesn't recognize that Service Tag number. But it does recognize the Express Service Code number and the Service Tag number linked to it is 4B65BB1
Please check the Service Tag number again and see if the 4B65BB1 number is correct.


Let's see if this Microsoft Fix It will address the updating issue:

Please go to the Microsoft page here http://support.micro...windows_update/

Click the Run Now button in the Fixit window.
Reboot and go to the Microsoft Update Site and see if Windows updates will download and update.
  • 0





