Hi Peku006--
Thanks for the help.
OTL Extras logfile created on: 10/1/2010 12:41:33 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\James\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 2.31 Gb Free Space | 4.37% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 5.30 Gb Free Space | 28.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 149.05 Gb Total Space | 148.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 908.87 Gb Free Space | 97.57% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: D1T1BT91
Current User Name: James
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-3206230093-1823242880-2924292578-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"12001:UDP" = 12001:UDP:*:Enabled:SMART WebServer Handshake Multicast Port
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found
"C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe" = C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- File not found
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216016FB}" =
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2CCBABCB-6427-4A55-B091-49864623C43F}" =
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{403EF592-953B-4794-BCEF-ECAB835C2095}" =
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8C25E29E-FC5D-44CD-A58C-5746AF303CF2}" = Microsoft Office Outlook Connector
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB300003" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB960043" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB975195" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976570" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578v2" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769v2" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354v2" =
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB8B979E-E336-47E7-96BC-1031C1B94561}" =
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB971111" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976569" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976576" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976765v2" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB979909" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB980773" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB983583" =
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003" =
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043" =
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DDDD2F85-CEE4-512D-BCBE-09AA6A0CD869}" =
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Ad-Aware SE Personal" =
"AddressBook" =
"Adobe AIR" =
"AudioPlugin.dll" =
"Branding" =
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"Connection Manager" =
"CopyNow.dll" =
"DataPlugin.dll" =
"Dell Digital Jukebox Driver" =
"DirectAnimation" =
"DirectDrawEx" =
"dlatray.exe" =
"DXM_Runtime" =
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.8.1 Home Edition
"ExamView Pro" = ExamView Assessment Suite
"Finale NotePad 2008" = Finale NotePad 2008
"Finale Reader" = Finale Reader 2010
"Fontcore" =
"Foxit Reader" = Foxit Reader
"GTK 2.0" = GTK+ Runtime 2.12.1 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"ICW" =
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"IEData" =
"InfraRecorder" = InfraRecorder
"InstallShield Uninstall Information" =
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"IomegaNT" = IomegaWare
"LessonView" = LessonView
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Interactive Training" =
"MobileOptionPack" =
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MPlayer2" =
"NetMeeting" =
"OutlookExpress" =
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"PCHealth" =
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SchedulingAgent" =
"SnagIt6" = SnagIt 6
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Syncrosoft License Control" = Syncrosoft License Control
"TeacherEXPRESS: Prentice Hall Pre-Algebra" = TeacherEXPRESS: Prentice Hall Pre-Algebra
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" =
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.33
"WMCSetup" =
"ZoneAlarm" = ZoneAlarm
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3206230093-1823242880-2924292578-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" Bee Dance" = Bee Dance
" CMP Grade 8" = CMP Grade 8
" CMP Transformation Tool" = CMP Transformation Tool
" FunTools" = FunTools
" Image Analysis Tool" = Image Analysis Tool
" Statistics Tool" = Statistics Tool
" StatTools" = StatTools
" Stretching and Shrinking" = Stretching and Shrinking
"Cognitive Tutor" = Cognitive Tutor
"Google Chrome" = Google Chrome
"Teachers Toolkit" = Teachers Toolkit
"UnityWebPlayer" = Unity Web Player
"WinDirStat" = WinDirStat 1.1.2
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 7/22/2010 8:22:45 PM | Computer Name = D1T1BT91 | Source = Application Error | ID = 1000
Description = Faulting application infrarecorder.exe, version 0.50.0.0, faulting
module infrarecorder.exe, version 0.50.0.0, fault address 0x00022076.
Error - 8/13/2010 12:46:33 AM | Computer Name = D1T1BT91 | Source = MsiInstaller | ID = 11311
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1311.
Source file not found(cabinet): C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\M4561414.CAB.
Verify that the file exists and that you can access it.
Error - 8/14/2010 3:38:23 PM | Computer Name = D1T1BT91 | Source = ESENT | ID = 490
Description = svchost (1372) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).
Error - 8/31/2010 1:00:24 AM | Computer Name = D1T1BT91 | Source = ESENT | ID = 490
Description = svchost (1376) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.chk"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).
Error - 8/31/2010 1:00:24 AM | Computer Name = D1T1BT91 | Source = ESENT | ID = 439
Description = Catalog Database (1376) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\edb.chk. Error -1032.
Error - 9/1/2010 2:11:52 PM | Computer Name = D1T1BT91 | Source = MsiInstaller | ID = 11704
Description = Product: Sophos Anti-Virus -- Error 1704.An installation for Microsoft
Office Professional Edition 2003 is currently suspended. You must undo the changes
made by that installation to continue. Do you want to undo those changes?
Error - 9/12/2010 9:09:37 PM | Computer Name = D1T1BT91 | Source = Application Error | ID = 1000
Description = Faulting application wordconv.exe, version 12.0.6500.5000, faulting
module unknown, version 0.0.0.0, fault address 0x312576b7.
Error - 9/13/2010 2:52:05 PM | Computer Name = D1T1BT91 | Source = Google Update | ID = 20
Description =
Error - 9/23/2010 10:55:26 PM | Computer Name = D1T1BT91 | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 9/29/2010 1:34:37 AM | Computer Name = D1T1BT91 | Source = SophosAntiVirus | ID = 327687
Description = An attempt to re-initialize configuration subsystem failed because
the service is shutting down.
[ System Events ]
Error - 9/30/2010 8:12:09 AM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFIREWL
Error - 9/30/2010 11:15:16 PM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the ZipToA service to connect.
Error - 9/30/2010 11:15:16 PM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7000
Description = The ZipToA service failed to start due to the following error: %%1053
Error - 9/30/2010 11:15:16 PM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFIREWL
Error - 10/1/2010 8:26:05 AM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the ZipToA service to connect.
Error - 10/1/2010 8:26:05 AM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7000
Description = The ZipToA service failed to start due to the following error: %%1053
Error - 10/1/2010 8:26:05 AM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFIREWL
Error - 10/1/2010 2:10:04 PM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the ZipToA service to connect.
Error - 10/1/2010 2:10:04 PM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7000
Description = The ZipToA service failed to start due to the following error: %%1053
Error - 10/1/2010 2:10:04 PM | Computer Name = D1T1BT91 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MPFIREWL
< End of report >
OTL logfile created on: 10/1/2010 12:41:33 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\James\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 2.31 Gb Free Space | 4.37% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 5.30 Gb Free Space | 28.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 149.05 Gb Total Space | 148.98 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 908.87 Gb Free Space | 97.57% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: D1T1BT91
Current User Name: James
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ========== PRC - C:\Documents and Settings\James\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\NMSU\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\James\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ========== SRV - (Seagate Sync Service) -- C:\Program Files\Seagate\Sync\SeaSyncServices.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)
SRV - (CVPND) -- C:\Program Files\NMSU\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ZipToA) -- C:\WINDOWS\System32\ZipToA.exe (Iomega Corporation)
========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (srescan) -- C:\WINDOWS\System32\ZoneLabs\srescan.sys File not found
DRV - (MPFIREWL) -- C:\WINDOWS\System32\Drivers\MpFirewall.sys File not found
DRV - (pxsec) -- C:\WINDOWS\System32\drivers\pxsec.sys (Prevx)
DRV - (pxscan) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)
DRV - (SAVOnAccessControl) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys (Sophos Plc)
DRV - (SAVOnAccessFilter) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys (Sophos Plc)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (SophosBootDriver) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (SynasUSB) -- C:\WINDOWS\system32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (SBKUPNT) -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS ()
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.google.com/ieIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL =
http://www.google.com/ig/dell?hl=en&cli ... channel=usIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ieIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ieIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
http://www.google.com/ig/dell?hl=en&cli ... channel=us IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com/ig/dell?hl=en&cli ... channel=usIE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comIE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/ig/dell?hl=en&cli ... channel=usIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com/ig/dell?hl=en&cli ... channel=usIE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comIE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/ig/dell?hl=en&cli ... channel=usIE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com/ig/dell?hl=en&cli ... channel=usIE - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comIE - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://today.ask.com/foxit?o=101706&l=disIE - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ieIE - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://search.yahoo.com/search?ei=UTF-8&fr=yff35awe&p="
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://lib.nmsu.edu/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems:
piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems:
jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.2
FF - prefs.js..extensions.enabledItems:
trackmenot@mrl.nyu.edu:0.6.721
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/26 11:30:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/25 21:45:17 | 000,000,000 | ---D | M]
[2008/08/01 21:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Extensions
[2010/09/30 21:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions
[2010/05/04 06:24:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/21 17:30:46 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/09/15 12:39:01 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/09/10 12:41:00 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/26 18:39:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/15 09:30:21 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/08/18 18:45:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/28 07:43:25 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/06/19 12:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\piclens@cooliris.com
[2010/06/19 12:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\piclens@cooliris.com-trash
[2010/04/04 11:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\8y3xgpnh.default\extensions\trackmenot@mrl.nyu.edu
[2010/09/30 21:29:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/12 22:27:14 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
O1 HOSTS File: ([2009/06/04 01:34:42 | 000,000,709 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\..\Toolbar\WebBrowser: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No CLSID value found.
O3 - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NMSU VPN Client.lnk = C:\Program Files\NMSU\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE (Iomega)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3206230093-1823242880-2924292578-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC}
https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D}
http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
http://java.sun.com/products/plugin/aut ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{01cffacf-10d5-11dd-95af-0016762c1bb9}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{01cffacf-10d5-11dd-95af-0016762c1bb9}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{01cffacf-10d5-11dd-95af-0016762c1bb9}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{01cffacf-10d5-11dd-95af-0016762c1bb9}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{0fd8cabc-53e8-11dc-948d-0016762c1bb9}\Shell - "" = AutoRun
O33 - MountPoints2\{0fd8cabc-53e8-11dc-948d-0016762c1bb9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0fd8cabc-53e8-11dc-948d-0016762c1bb9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{890e7db4-1388-11df-9861-0016762c1bb9}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2010/10/01 12:40:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2010/09/28 12:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/28 12:30:28 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\James\Desktop\HJTInstall.exe
[2010/09/26 22:09:09 | 011,772,872 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\James\Desktop\windows-kb890830-v3.11.exe
[2010/09/26 17:18:48 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\James\Desktop\spybotsd162.exe
[2010/09/26 17:14:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\SUPERAntiSpyware.com
[2010/09/26 17:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/26 15:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/09/26 15:52:50 | 009,458,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\James\Desktop\SUPERAntiSpyware.exe
[2010/09/25 21:44:33 | 008,534,336 | ---- | C] (Mozilla) -- C:\Documents and Settings\James\Desktop\Firefox Setup 3.6.10.exe
[2010/09/25 20:09:21 | 000,787,000 | ---- | C] (Prevx) -- C:\Documents and Settings\James\Desktop\prevxcsifree.exe
[2010/09/24 21:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\New Folder (2)
[2010/09/21 23:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\camera
[2010/09/21 23:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\WMTools Downloaded Files
[2010/09/11 23:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2010/09/11 23:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\driver junk
[2010/04/30 22:35:06 | 003,249,480 | ---- | C] (Unity Technologies ApS) -- C:\Program Files\UnityWebPlayer.exe
[2010/01/11 13:52:54 | 000,564,064 | ---- | C] (Google Inc.) -- C:\Program Files\googleupdatesetup.exe
[2010/01/06 00:31:55 | 078,812,208 | ---- | C] (MakeMusic) -- C:\Program Files\FinReaderWin.exe
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1028 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\James\My Documents\*.tmp files -> C:\Documents and Settings\James\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/10/01 12:40:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2010/10/01 12:11:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/01 12:08:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/01 12:07:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/01 12:07:50 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/01 06:35:26 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\James\NTUSER.DAT
[2010/10/01 06:35:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\James\ntuser.ini
[2010/09/29 23:00:00 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\Daily.job
[2010/09/29 16:24:39 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Damaged Wheelchair.doc
[2010/09/29 16:15:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/28 12:42:35 | 000,366,080 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Fake Anti-virus.doc
[2010/09/28 12:35:33 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Hijack this Log.doc
[2010/09/28 12:30:47 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\James\Desktop\HijackThis.lnk
[2010/09/28 12:30:29 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\James\Desktop\HJTInstall.exe
[2010/09/27 22:50:59 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\James\My Documents\CONTACT WHIRLPOOL.doc
[2010/09/27 16:50:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/27 15:25:51 | 000,211,456 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Computer Reviews.doc
[2010/09/27 13:56:24 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\James\My Documents\brother letter 2.doc
[2010/09/26 23:15:00 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\James\My Documents\IBM on WPM Vulnerabilities.doc
[2010/09/26 23:14:22 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Report on Fake Antivirus program download.doc
[2010/09/26 22:48:14 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Fake Antivirus program download.doc
[2010/09/26 22:20:04 | 011,772,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\James\Desktop\windows-kb890830-v3.11.exe
[2010/09/26 18:37:41 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/26 18:37:41 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Spybot - Search & Destroy.lnk
[2010/09/26 17:20:27 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\James\Desktop\spybotsd162.exe
[2010/09/26 17:14:25 | 000,001,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/26 17:10:28 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3206230093-1823242880-2924292578-1006UA.job
[2010/09/26 17:10:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3206230093-1823242880-2924292578-1006Core.job
[2010/09/26 17:09:46 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/26 15:53:44 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\James\Desktop\SUPERAntiSpyware.exe
[2010/09/26 14:45:17 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\James\My Documents\System Restore incomplete.doc
[2010/09/26 14:45:17 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\James\My Documents\~$stem Restore incomplete.doc
[2010/09/26 14:30:54 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\James\My Documents\ERROR--system could not be restored.doc
[2010/09/26 14:22:26 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\James\My Documents\ERROR--s.doc
[2010/09/26 13:57:33 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\James\My Documents\XP System Restore.doc
[2010/09/26 06:51:20 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/09/25 22:59:35 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Microsoft Security Bulletin MS10.doc
[2010/09/25 21:45:25 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/25 21:45:25 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/25 21:44:55 | 008,534,336 | ---- | M] (Mozilla) -- C:\Documents and Settings\James\Desktop\Firefox Setup 3.6.10.exe
[2010/09/25 21:17:35 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/25 21:17:24 | 000,526,814 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/25 21:17:24 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/25 21:17:24 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/25 20:57:40 | 000,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys
[2010/09/25 20:57:40 | 000,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/09/25 20:57:38 | 000,000,174 | ---- | M] () -- C:\WINDOWS\WinInit.ini
[2010/09/25 20:09:21 | 000,787,000 | ---- | M] (Prevx) -- C:\Documents and Settings\James\Desktop\prevxcsifree.exe
[2010/09/24 23:47:23 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt6.doc
[2010/09/24 23:27:05 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Long friends3.doc
[2010/09/24 20:45:31 | 000,000,074 | ---- | M] () -- C:\Documents and Settings\James\Application Data\evplay.prf
[2010/09/24 20:45:11 | 000,003,687 | ---- | M] () -- C:\Documents and Settings\James\Application Data\evpro32.prf
[2010/09/24 20:14:21 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Breckwell Pellet Stove.doc
[2010/09/24 15:33:54 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Home insurance 9-24-10.doc
[2010/09/23 23:36:26 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Long friends.doc
[2010/09/23 23:02:26 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt5.doc
[2010/09/23 22:40:14 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt4.doc
[2010/09/23 20:54:33 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt3.doc
[2010/09/23 20:53:07 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt2.doc
[2010/09/23 14:45:54 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt.doc
[2010/09/22 22:24:07 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\American Airlines Customer Relation1.doc
[2010/09/22 22:00:35 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\James\My Documents\American Airlines Agreement.doc
[2010/09/22 16:33:58 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/22 14:59:27 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\James\My Documents\flying dates and times.doc
[2010/09/22 14:56:35 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Buying tickets cheap.doc
[2010/09/22 14:47:43 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Foo 9-21-10.doc
[2010/09/22 14:07:21 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Home insurance 9-22-10.doc
[2010/09/22 11:27:28 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\James\My Documents\American Airlines Customer Relations.doc
[2010/09/22 11:16:31 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\James\My Documents\American Airlines Ripoff.doc
[2010/09/21 23:39:30 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Formatting a Secondary Hard Drive.doc
[2010/09/21 23:17:04 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\James\My Documents\FDA cutting corners.doc
[2010/09/21 12:16:02 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Brother Corporate Headquarters.doc
[2010/09/18 14:07:13 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Foo 9-14-10.doc
[2010/09/17 13:49:48 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Office Max.doc
[2010/09/16 23:48:33 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\James\My Documents\HP Knowingly Selling Extremely Defective Pavilion Elite PCs.doc
[2010/09/16 23:48:11 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Super Snake.doc
[2010/09/16 23:37:04 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\James\My Documents\ZT Affinity 7391Mi Desktop PC.doc
[2010/09/16 23:20:15 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\James\My Documents\RESCUECOM reliability ratings see Apple jump from 3rd to 2nd.doc
[2010/09/16 23:15:06 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\James\My Documents\reliable computers.doc
[2010/09/16 18:51:14 | 001,189,888 | ---- | M] () -- C:\Documents and Settings\James\My Documents\New sports car Ratings.doc
[2010/09/16 14:21:45 | 000,068,768 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/16 14:20:43 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/09/16 14:20:43 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/09/16 13:47:42 | 000,438,272 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Walking to Caesarea.doc
[2010/09/15 11:58:51 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Disability Insurance Benefit Payments IRS.doc
[2010/09/15 11:58:32 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\James\My Documents\~$sability Insurance Benefit Payments IRS.doc
[2010/09/14 22:43:42 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\James\My Documents\picasa downgrade.doc
[2010/09/14 18:07:41 | 000,000,806 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/14 15:16:13 | 000,003,874 | ---- | M] () -- C:\Documents and Settings\James\Application Data\SAS7_000.DAT
[2010/09/13 14:20:19 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Hello Donna.doc
[2010/09/13 13:49:53 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\James\My Documents\I regret to say that I did pull cigarettes out the garbage.doc
[2010/09/12 17:59:01 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Jan Fell.doc
[2010/09/11 22:20:42 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\James\My Documents\ownloaded the driver package version V5.doc
[2010/09/11 16:11:00 | 000,123,904 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Dear AA.doc
[2010/09/11 15:09:35 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\James\My Documents\The airline has notified us of a change to your itinerary and they have.doc
[2010/09/09 17:38:11 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Dr Sierra Note 9-8-10.doc
[2010/09/09 16:08:42 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\James\My Documents\A Summer of Hummingbirds.doc
[2010/09/09 16:08:38 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Lives like Loaded Guns.doc
[2010/09/09 16:08:33 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\James\My Documents\The Viking in the Wheat Field.doc
[2010/09/09 15:19:59 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Uncontrolled Risk.doc
[2010/09/09 14:56:53 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Confessions of a Buddhist atheist.doc
[2010/09/08 19:47:30 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Broken dishwasher.doc
[2010/09/08 18:01:55 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Dearborn income 2008.xls
[2010/09/08 17:57:19 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\James\Desktop\IRS letter Revised 9-8-10.doc
[2010/09/08 16:20:36 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Foo.doc
[2010/09/08 15:43:09 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\James\My Documents\More IRS.doc
[2010/09/08 15:08:25 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Hip Operation questions.doc
[2010/09/08 14:33:45 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Faubion note 9-8-10.doc
[2010/09/08 12:51:08 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Flight to FL.doc
[2010/09/07 21:25:25 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\James\Desktop\IRS letter.doc
[2010/09/07 15:03:41 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Barry Martin.doc
[2010/09/07 14:57:20 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Jackie Griffin NMSU Benefits Services.doc
[2010/09/06 23:23:19 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James\My Documents\todo 9-3-10.doc
[2010/09/06 23:22:08 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Lowes 7-23-10.doc
[2010/09/04 21:44:41 | 000,479,744 | ---- | M] () -- C:\Documents and Settings\James\My Documents\MASTRESSES.doc
[2010/09/04 17:54:37 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\James\My Documents\sears weedeaters.doc
[2010/09/01 18:12:57 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Tax liability For Long-Term Disability Insurance, 2008.doc
[2010/09/01 13:08:04 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\James\My Documents\ever to explain.doc
[1028 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\James\My Documents\*.tmp files -> C:\Documents and Settings\James\My Documents\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/09/28 12:35:33 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Hijack this Log.doc
[2010/09/28 12:30:47 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\James\Desktop\HijackThis.lnk
[2010/09/27 15:21:09 | 000,211,456 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Computer Reviews.doc
[2010/09/27 13:56:24 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\James\My Documents\brother letter 2.doc
[2010/09/26 23:14:21 | 000,173,568 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Report on Fake Antivirus program download.doc
[2010/09/26 23:13:07 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\James\My Documents\IBM on WPM Vulnerabilities.doc
[2010/09/26 21:59:29 | 000,173,568 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Fake Antivirus program download.doc
[2010/09/26 21:26:00 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James\My Documents\CONTACT WHIRLPOOL.doc
[2010/09/26 18:37:41 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/26 18:37:41 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Spybot - Search & Destroy.lnk
[2010/09/26 17:14:25 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/26 14:45:17 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\James\My Documents\System Restore incomplete.doc
[2010/09/26 14:45:17 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\James\My Documents\~$stem Restore incomplete.doc
[2010/09/26 14:22:42 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\James\My Documents\ERROR--system could not be restored.doc
[2010/09/26 14:22:26 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\James\My Documents\ERROR--s.doc
[2010/09/26 13:57:33 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\James\My Documents\XP System Restore.doc
[2010/09/25 22:45:33 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Microsoft Security Bulletin MS10.doc
[2010/09/25 21:45:25 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/25 21:45:25 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/25 21:17:18 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/09/25 20:37:37 | 000,366,080 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Fake Anti-virus.doc
[2010/09/24 23:18:20 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt6.doc
[2010/09/24 20:45:31 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\James\Application Data\evplay.prf
[2010/09/24 15:38:26 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Breckwell Pellet Stove.doc
[2010/09/24 15:28:16 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Home insurance 9-24-10.doc
[2010/09/23 23:36:39 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Long friends3.doc
[2010/09/23 22:42:02 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt5.doc
[2010/09/23 22:36:31 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt4.doc
[2010/09/23 20:54:33 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt3.doc
[2010/09/23 14:47:15 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt2.doc
[2010/09/23 12:12:17 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James\My Documents\When Israel was in Egypt.doc
[2010/09/22 22:24:06 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\American Airlines Customer Relation1.doc
[2010/09/22 22:00:35 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\James\My Documents\American Airlines Agreement.doc
[2010/09/22 14:59:18 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\James\My Documents\flying dates and times.doc
[2010/09/22 14:51:19 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Buying tickets cheap.doc
[2010/09/22 14:07:21 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Home insurance 9-22-10.doc
[2010/09/22 11:26:54 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\James\My Documents\American Airlines Customer Relations.doc
[2010/09/21 23:30:06 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Formatting a Secondary Hard Drive.doc
[2010/09/21 19:59:37 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Foo 9-21-10.doc
[2010/09/21 19:44:01 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\James\My Documents\FDA cutting corners.doc
[2010/09/21 11:43:21 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Long friends.doc
[2010/09/17 13:43:18 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Office Max.doc
[2010/09/16 23:48:11 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Super Snake.doc
[2010/09/16 23:37:04 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\James\My Documents\ZT Affinity 7391Mi Desktop PC.doc
[2010/09/16 23:20:14 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\James\My Documents\RESCUECOM reliability ratings see Apple jump from 3rd to 2nd.doc
[2010/09/16 23:14:02 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\James\My Documents\reliable computers.doc
[2010/09/16 22:21:47 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\James\My Documents\HP Knowingly Selling Extremely Defective Pavilion Elite PCs.doc
[2010/09/16 18:48:55 | 001,189,888 | ---- | C] () -- C:\Documents and Settings\James\My Documents\New sports car Ratings.doc
[2010/09/16 14:20:43 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/09/16 14:20:43 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/09/16 13:47:41 | 000,438,272 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Walking to Caesarea.doc
[2010/09/15 22:32:49 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Foo 9-14-10.doc
[2010/09/15 11:58:32 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\James\My Documents\~$sability Insurance Benefit Payments IRS.doc
[2010/09/15 11:58:31 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Disability Insurance Benefit Payments IRS.doc
[2010/09/14 22:43:42 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\James\My Documents\picasa downgrade.doc
[2010/09/13 14:19:24 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Hello Donna.doc
[2010/09/13 13:23:31 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\James\My Documents\I regret to say that I did pull cigarettes out the garbage.doc
[2010/09/12 17:32:05 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Jan Fell.doc
[2010/09/11 22:20:41 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\James\My Documents\ownloaded the driver package version V5.doc
[2010/09/11 17:47:53 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Brother Corporate Headquarters.doc
[2010/09/11 15:09:35 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\James\My Documents\The airline has notified us of a change to your itinerary and they have.doc
[2010/09/09 16:01:27 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\James\My Documents\The Viking in the Wheat Field.doc
[2010/09/09 15:27:14 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Lives like Loaded Guns.doc
[2010/09/09 15:25:24 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\James\My Documents\A Summer of Hummingbirds.doc
[2010/09/09 15:04:14 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Uncontrolled Risk.doc
[2010/09/08 19:46:42 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Broken dishwasher.doc
[2010/09/08 17:47:38 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\James\Desktop\IRS letter Revised 9-8-10.doc
[2010/09/08 15:27:11 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\James\My Documents\More IRS.doc
[2010/09/08 15:09:01 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Dr Sierra Note 9-8-10.doc
[2010/09/08 14:30:27 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Faubion note 9-8-10.doc
[2010/09/08 12:51:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Flight to FL.doc
[2010/09/07 20:46:51 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\James\Desktop\IRS letter.doc
[2010/09/06 17:49:53 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Confessions of a Buddhist atheist.doc
[2010/09/06 17:44:13 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Foo.doc
[2010/09/04 17:53:46 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\James\My Documents\sears weedeaters.doc
[2010/09/03 22:23:13 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Barry Martin.doc
[2010/09/03 13:25:56 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\James\My Documents\todo 9-3-10.doc
[2010/09/02 15:08:21 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Damaged Wheelchair.doc
[2010/09/01 18:55:02 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Dearborn income 2008.xls
[2010/09/01 17:53:06 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Jackie Griffin NMSU Benefits Services.doc
[2010/09/01 17:44:37 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Tax liability For Long-Term Disability Insurance, 2008.doc
[2010/09/01 12:52:51 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\James\My Documents\ever to explain.doc
[2010/07/20 17:13:40 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/07/20 17:13:40 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/07/20 17:13:40 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/05/25 13:02:54 | 000,000,182 | ---- | C] () -- C:\WINDOWS\dgnsetup.ini
[2010/05/15 21:11:05 | 000,000,172 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2010/02/21 14:48:51 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2010/02/21 14:48:50 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2010/02/21 14:48:47 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2010/02/21 14:48:10 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2009/07/23 13:27:31 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/07/23 13:25:03 | 000,000,811 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/07/23 13:25:03 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/07/23 13:24:33 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/07/23 13:24:10 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/07/23 13:24:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/07/23 13:13:08 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/10/13 22:37:08 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\James\Application Data\PFP120JPR.{PB
[2008/10/13 22:37:08 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\James\Application Data\PFP120JCM.{PB
[2008/10/10 05:13:57 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2008/09/29 21:17:34 | 000,014,721 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/08/17 22:39:54 | 000,001,102 | ---- | C] () -- C:\Documents and Settings\James\Application Data\.googlewebacchosts
[2007/08/29 11:22:40 | 000,003,874 | ---- | C] () -- C:\Documents and Settings\James\Application Data\SAS7_000.DAT
[2007/08/29 10:55:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2007/08/16 22:07:45 | 000,139,288 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/31 23:56:14 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\127F6BE765.sys
[2007/01/27 18:40:01 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\James\Application Data\dvd.bmk
[2006/12/18 14:53:04 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/18 14:53:04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/07/30 21:12:25 | 000,003,687 | ---- | C] () -- C:\Documents and Settings\James\Application Data\evpro32.prf
[2006/05/23 11:09:30 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2006/05/20 18:35:15 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/13 19:24:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/04/27 20:13:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/27 11:29:37 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/27 11:29:37 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\65E76B7F12.sys
[2006/04/22 15:15:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/17 08:20:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/17 08:14:37 | 000,000,174 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2006/04/17 08:08:12 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/04/17 07:42:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/04/17 07:41:58 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:51:23 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003130_.tmp.dll
[2004/08/10 11:51:10 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003162_.tmp.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/06 02:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
========== Alternate Data Streams ========== @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >