Everytime that I try to post from my computer, the browers times out (IE, FF). I am using my work computer for this post.
madchemist
OTL logfile created on: 6/29/2010 10:52:43 PM - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Todd.D3WDNL11.000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 147.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 0.00 Gb Available in Paging File | 30.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 41.93 Gb Free Space | 56.31% Space Free | Partition Type: NTFS
Drive D: | 469.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 544.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MADCHEMIST
Current User Name: Todd
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\devldr32.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ========== SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
========== Driver Services (SafeList) ========== DRV - (aswMon2) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys (ALWIL Software)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (oreans32) -- C:\WINDOWS\SYSTEM32\DRIVERS\oreans32.sys ()
DRV - (MxlW2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys (MusicMatch, Inc.)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Cdr4_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys (Roxio)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys (Creative Technology Ltd.)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys (Creative Technology Ltd.)
DRV - (dvd_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys (Roxio)
DRV - (rtl8139) -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys (Realtek Semiconductor Corporation )
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (hpt3xx) -- C:\WINDOWS\System32\DRIVERS\hpt3xx.sys (HighPoint Technologies, Inc.)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (hsf_msft) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.sys (Conexant)
DRV - (ctljystk) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys (Creative Technology Ltd.)
DRV - (nv4) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS (NVIDIA Corporation)
DRV - (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\AC97INTC.SYS (Intel Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\hsf_cnxt.sys (Conexant Systems)
DRV - (SpeakerPhone) -- C:\WINDOWS\SYSTEM32\DRIVERS\spkpnt.sys (Conexant Systems)
DRV - (K56) -- C:\WINDOWS\SYSTEM32\DRIVERS\k56nt.sys (Conexant Systems)
DRV - (Fsks) -- C:\WINDOWS\SYSTEM32\DRIVERS\fsksnt.sys (Conexant Systems)
DRV - (SoftFax) -- C:\WINDOWS\SYSTEM32\DRIVERS\faxnt.sys (Conexant Systems)
DRV - (Tones) -- C:\WINDOWS\SYSTEM32\DRIVERS\tonesnt.sys (Conexant Systems)
DRV - (Fallback) -- C:\WINDOWS\SYSTEM32\DRIVERS\fallback.sys (Conexant Systems)
DRV - (basic2) -- C:\WINDOWS\SYSTEM32\DRIVERS\basic2.sys (Conexant Systems)
DRV - (Rksample) -- C:\WINDOWS\SYSTEM32\DRIVERS\rksample.sys (Conexant Systems)
DRV - (V124) -- C:\WINDOWS\SYSTEM32\DRIVERS\v124nt.sys (Conexant Systems)
DRV - (bvrp_pci) -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys ()
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\PfModNT.sys (Creative Technology Ltd.)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://education.dellnet.com/IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page =
http://education.dellnet.com/IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://education.dellnet.com/IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://education.dellnet.com/IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page =
http://education.dellnet.com/IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://education.dellnet.com/IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-769079328-1850456698-4159782051-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://education.dellnet.com/IE - HKU\S-1-5-21-769079328-1850456698-4159782051-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
https://mail.johnpauliihs.org/exchange/IE - HKU\S-1-5-21-769079328-1850456698-4159782051-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-769079328-1850456698-4159782051-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.webhost4life.com/mail/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems:
jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/27 22:05:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/27 22:05:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 7\Components [2010/06/26 20:29:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 7\Plugins [2009/09/17 17:58:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins
[2008/11/30 14:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd.D3WDNL11.000\Application Data\Mozilla\Extensions
[2010/06/29 21:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd.D3WDNL11.000\Application Data\Mozilla\Firefox\Profiles\cl1nx8na.default\extensions
[2009/09/03 06:51:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Todd.D3WDNL11.000\Application Data\Mozilla\Firefox\Profiles\cl1nx8na.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/29 21:28:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/06/26 09:48:15 | 000,408,553 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1
www.007guard.comO1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1
www.008k.comO1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1
www.00hq.comO1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1
www.032439.comO1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1
www.0scan.comO1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1
www.1000gratisproben.comO1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1
www.1001namen.comO1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1
www.100888290cs.comO1 - Hosts: 127.0.0.1
www.100sexlinks.comO1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1
www.10sek.comO1 - Hosts: 127.0.0.1
www.1-2005-search.comO1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14129 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-769079328-1850456698-4159782051-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-769079328-1850456698-4159782051-1007\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-769079328-1850456698-4159782051-1007\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQINIT.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BuildBU] c:\DELL\BLDBUBG.EXE ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-769079328-1850456698-4159782051-1007..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-769079328-1850456698-4159782051-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-769079328-1850456698-4159782051-1007..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-769079328-1850456698-4159782051-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKU\S-1-5-21-769079328-1850456698-4159782051-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-769079328-1850456698-4159782051-1007\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-769079328-1850456698-4159782051-1007\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-769079328-1850456698-4159782051-1007\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-769079328-1850456698-4159782051-1007\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF}
http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}
http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C}
http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe (Reg Error: Key error.)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71}
http://207.188.7.150/04fb2e0ef9845c02a9 ... RdxIE2.cab (Reg Error: Key error.)
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE}
http://office.microsoft.com/productupda ... t/opuc.cab (OPUCatalog Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F}
http://v4.windowsupdate.microsoft.com/C ... 1997453704 (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}
http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
http://java.sun.com/products/plugin/1.4 ... s-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8}
http://3dlifeplayer.dl.3dvia.com/player ... taller.exe (Virtools WebPlayer Class)
O16 - DPF: Microsoft XML Parser for Java
file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.96.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\ptable.gif
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Todd.D3WDNL11.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/30 12:00:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/30 12:00:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.sav -- [ NTFS ]
O32 - AutoRun File - [1998/09/09 08:23:30 | 000,440,320 | R--- | M] (Meyer/Glass Interactive) - D:\AUTOLOAD.EXE -- [ CDFS ]
O32 - AutoRun File - [1998/07/09 20:54:04 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2000/04/02 12:36:38 | 000,000,030 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{8b26b590-855c-11da-b388-00c0a87eafb4}\Shell\AutoRun\command - "" = ntdelect.com
O33 - MountPoints2\{8b26b590-855c-11da-b388-00c0a87eafb4}\Shell\explore\Command - "" = ntdelect.com
O33 - MountPoints2\{8b26b590-855c-11da-b388-00c0a87eafb4}\Shell\open\Command - "" = ntdelect.com
O33 - MountPoints2\{d3077bc1-8b17-11d6-8db7-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d3077bc1-8b17-11d6-8db7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3077bc1-8b17-11d6-8db7-806d6172696f}\Shell\AutoRun\command - "" = D:\AUTOLOAD.EXE -- [1998/09/09 08:23:30 | 000,440,320 | R--- | M] (Meyer/Glass Interactive)
O33 - MountPoints2\{d3077bc2-8b17-11d6-8db7-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d3077bc2-8b17-11d6-8db7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3077bc2-8b17-11d6-8db7-806d6172696f}\Shell\AutoRun\command - "" = E:\Launcher.exe -- [2000/05/02 10:32:38 | 000,339,968 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2010/06/29 20:41:43 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\OTL.exe
[2010/06/26 17:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/26 08:46:24 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\setup-spybotsd162.exe
[2010/06/25 14:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/01 21:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\Honeymoon photos
[2010/06/01 21:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\Thomas B-day and pool
[2002/07/09 09:15:06 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2002/06/25 06:38:05 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/06/29 21:47:41 | 000,000,292 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/06/29 20:41:44 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\OTL.exe
[2010/06/29 20:40:14 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\Microsoft Word.lnk
[2010/06/29 18:05:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/06/29 18:04:59 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/28 21:52:01 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Todd.D3WDNL11.000\ntuser.dat
[2010/06/28 21:52:01 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Todd.D3WDNL11.000\NTUSER.INI
[2010/06/27 21:30:46 | 000,000,195 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/06/26 17:22:16 | 000,002,008 | ---- | M] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\HiJackThis.lnk
[2010/06/26 17:18:45 | 000,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/26 09:48:15 | 000,408,553 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/06/26 09:19:46 | 000,000,960 | ---- | M] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/26 08:47:11 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\setup-spybotsd162.exe
[2010/06/26 00:14:54 | 002,646,654 | -H-- | M] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Local Settings\Application Data\IconCache.db
[2010/06/22 23:46:34 | 000,505,378 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 23:46:34 | 000,443,942 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/22 23:46:34 | 000,072,446 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/22 23:27:07 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/06/14 14:45:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\ELOG3.DAT
[2010/06/14 14:43:33 | 000,000,193 | ---- | M] () -- C:\DEFAULT2.EPD
[2010/06/13 17:49:39 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\Workshop Assignment & Reimbursement Abronowitz T Brownsville final.xls
[2010/06/13 10:53:44 | 000,150,019 | ---- | M] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\photo.jpg
[2010/06/13 10:50:52 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\Workshop Assignment & Reimbursement Abronowitz T Brownsville.xls
[2010/06/12 18:05:17 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 17:50:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/05 11:49:19 | 000,422,912 | ---- | M] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\LC Lab Form and Vendor Order Form Abronowitz.xls
[2010/06/04 20:27:11 | 000,309,248 | ---- | M] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\Chemistry Requested Lab Materials.doc
[2010/06/04 20:27:08 | 000,341,504 | ---- | M] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\AP Lead Consultants - Chemistry.msg
[2010/06/04 20:26:59 | 000,332,800 | ---- | M] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\Rice AP Lead Science Consultant.msg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/06/26 17:22:16 | 000,002,008 | ---- | C] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\HiJackThis.lnk
[2010/06/13 17:49:37 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\Workshop Assignment & Reimbursement Abronowitz T Brownsville final.xls
[2010/06/13 10:53:44 | 000,150,019 | ---- | C] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\photo.jpg
[2010/06/13 10:50:52 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\Workshop Assignment & Reimbursement Abronowitz T Brownsville.xls
[2010/06/04 20:27:11 | 000,309,248 | ---- | C] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\Chemistry Requested Lab Materials.doc
[2010/06/01 21:36:57 | 000,332,800 | ---- | C] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\Rice AP Lead Science Consultant.msg
[2010/06/01 21:36:53 | 000,341,504 | ---- | C] () -- C:\Documents and Settings\Todd.D3WDNL11.000\Desktop\AP Lead Consultants - Chemistry.msg
[2009/04/11 19:43:52 | 000,001,011 | ---- | C] () -- C:\WINDOWS\EQNEDIT.INI
[2008/11/03 19:33:18 | 000,000,076 | ---- | C] () -- C:\WINDOWS\Setup Wizard.INI
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/08 22:48:15 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/07/20 22:49:44 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2006/11/01 03:57:24 | 001,138,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/06/01 17:10:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/02/26 04:08:28 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/01/18 23:05:37 | 000,000,818 | ---- | C] () -- C:\WINDOWS\CLARIS.INI
[2004/12/12 16:29:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/12/24 15:40:18 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/07/28 23:07:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/10 00:17:00 | 000,002,690 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/06/14 13:50:22 | 000,000,195 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2003/05/25 16:04:35 | 000,009,472 | ---- | C] () -- C:\WINDOWS\unsqz.dll
[2003/05/25 16:04:07 | 000,000,024 | ---- | C] () -- C:\WINDOWS\@loha.ini
[2002/11/28 19:00:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/07/29 21:51:31 | 000,000,026 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
[2002/07/29 21:51:24 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2002/07/09 09:15:46 | 000,000,812 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2002/07/09 09:15:10 | 000,468,832 | ---- | C] () -- C:\WINDOWS\System32\Htkrnl16.dll
[2002/07/09 09:15:10 | 000,324,320 | ---- | C] () -- C:\WINDOWS\System32\XWMBA450.DLL
[2002/07/09 09:15:10 | 000,060,976 | ---- | C] () -- C:\WINDOWS\System32\XWMTE450.DLL
[2002/07/09 09:15:10 | 000,044,464 | ---- | C] () -- C:\WINDOWS\System32\XWMHN450.DLL
[2002/07/09 09:15:10 | 000,014,816 | ---- | C] () -- C:\WINDOWS\System32\Button3.dll
[2002/07/09 09:15:10 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\Gxwin.dll
[2002/07/09 09:15:09 | 000,083,520 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB.DLL
[2002/07/09 09:15:09 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\PCXWIN.DLL
[2002/07/09 09:15:05 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2002/07/09 09:15:05 | 000,335,360 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2002/07/09 09:15:05 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2002/07/02 14:49:56 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/07/01 21:13:50 | 000,000,807 | ---- | C] () -- C:\WINDOWS\PSDWIN.INI
[2002/07/01 21:13:41 | 000,000,560 | ---- | C] () -- C:\WINDOWS\PSDCWIN.INI
[2002/06/25 06:48:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/06/25 06:40:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/06/25 06:37:46 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
[2002/06/25 06:37:31 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2002/06/25 06:36:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/06/25 06:36:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/06/25 06:36:20 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/06/25 06:34:07 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/06/25 06:12:12 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/07/31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1998/08/20 07:29:14 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\DELPHIMM.DLL
< End of report >
OTL Extras logfile created on: 6/29/2010 10:52:43 PM - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Todd.D3WDNL11.000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.00 Mb Total Physical Memory | 147.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 0.00 Gb Available in Paging File | 30.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 41.93 Gb Free Space | 56.31% Space Free | Partition Type: NTFS
Drive D: | 469.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 544.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MADCHEMIST
Current User Name: Todd
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-769079328-1850456698-4159782051-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{42082D6A-7C60-4CD9-B6FC-81E6F1FA96EF}" = Theme Park World Fix
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FC2AF73-10ED-404E-84A8-636B452404FD}" = Realtek RTL8139 Diagnostics Program
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91E8A85F-2960-40ED-BA84-7F4567BB00C0}" = Dell | Support
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9FE3CE51-F398-4D14-904C-A041F08438C3}" = HM Testing v6.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A9915D9A-D08A-4CDB-87FD-FC60CF15A11E}" = ImageX
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3436EE2-D5CB-4249-840B-3A0140CC34C1}" = PhoneTools
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AlliedGeneral" = Allied General Version 1.0.0
"Ashampoo Internet Accelerator 2_is1" = Ashampoo Internet Accelerator 2.10
"Ashampoo StartUp Tuner 2_is1" = Ashampoo StartUp Tuner 2.00
"Ashampoo WinOptimizer 5_is1" = Ashampoo WinOptimizer 5.11
"avast!" = avast! Antivirus
"Axis and Allies" = Axis and Allies
"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DSMT4" = MathType 4
"Gary Grigsby's World At War1.202" = Gary Grigsby's World At War
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{9FE3CE51-F398-4D14-904C-A041F08438C3}" = HM Testing v6.1
"InstallShield_{A9915D9A-D08A-4CDB-87FD-FC60CF15A11E}" = Dell Picture Studio - Dell Image Expert
"Java Web Start" = Java Web Start
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Office Converter Pack" = Microsoft Office Converter Pack
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape (7.1)" = Netscape (7.1)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.7h
"Shogun Total War" = Shogun Total War
"Sound Blaster Live! Value" = Sound Blaster Live! Value
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Basic 2004" = TurboTax Basic 2004
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-769079328-1850456698-4159782051-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MilitaryGame App" = MilitaryGame App
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ========== [ Antivirus Events ]
Error - 11/8/2009 10:07:33 AM | Computer Name = MADCHEMIST | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.com/complete/sea ... r%22&cp=12 failed, 0000A413.
[ Application Events ]
Error - 6/27/2010 9:13:34 AM | Computer Name = MADCHEMIST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 6/27/2010 9:13:34 AM | Computer Name = MADCHEMIST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 6/27/2010 8:21:32 PM | Computer Name = MADCHEMIST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 6/27/2010 8:21:32 PM | Computer Name = MADCHEMIST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 6/28/2010 6:31:44 AM | Computer Name = MADCHEMIST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 6/28/2010 6:31:44 AM | Computer Name = MADCHEMIST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 6/28/2010 7:40:19 PM | Computer Name = MADCHEMIST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 6/28/2010 7:40:20 PM | Computer Name = MADCHEMIST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 6/29/2010 7:09:03 PM | Computer Name = MADCHEMIST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally
Error - 6/29/2010 7:09:03 PM | Computer Name = MADCHEMIST | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
[ System Events ]
Error - 6/27/2010 8:22:04 PM | Computer Name = MADCHEMIST | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 6/27/2010 8:54:25 PM | Computer Name = MADCHEMIST | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 6/27/2010 8:54:25 PM | Computer Name = MADCHEMIST | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 6/28/2010 6:28:40 AM | Computer Name = MADCHEMIST | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 6/28/2010 6:28:40 AM | Computer Name = MADCHEMIST | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 6/28/2010 7:37:26 PM | Computer Name = MADCHEMIST | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 6/28/2010 7:37:26 PM | Computer Name = MADCHEMIST | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 6/29/2010 7:05:26 PM | Computer Name = MADCHEMIST | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 6/29/2010 7:05:26 PM | Computer Name = MADCHEMIST | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 6/29/2010 8:22:06 PM | Computer Name = MADCHEMIST | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
< End of report >