OTL logfile created on: 1/31/2013 4:07:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Elizabeth Gries\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.98 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.63% Memory free
4.29 Gb Paging File | 3.15 Gb Available in Paging File | 73.35% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 784.38 Gb Free Space | 84.21% Space Free | Partition Type: NTFS
Computer Name: MAGENTA-ANGEL | User Name: Elizabeth Gries | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Elizabeth Gries\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Elizabeth Gries\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe (Sevas-S)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\My Smart Tabs\smtb_updater.exe (Sevas-S)
PRC - C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\yt2mp3converter.exe (Sevas-S)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Documents and Settings\Elizabeth Gries\Local Settings\Apps\F.lux\flux.exe ()
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel)

========== Modules (No Company Name) ==========
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Documents and Settings\Elizabeth Gries\Local Settings\Apps\F.lux\flux.exe ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()

========== Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (atchksrv) -- C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\AMT\LMS.exe (Intel)

========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HECI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{4328660F-5AAA-426C-AA2F-D71DEBB85270}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_CA&apn_ptnrs=^AGX&apn_dtid=^YYYYYY^YY^CA&apn_uid=3951bdb0-55e7-4d94-a905-a4c3265e40f7&apn_sauid=5D56E4C7-26AE-4EA0-A716-35328D5DE530
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{4328660F-5AAA-426C-AA2F-D71DEBB85270}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_CA&apn_ptnrs=^AGX&apn_dtid=^YYYYYY^YY^CA&apn_uid=3951bdb0-55e7-4d94-a905-a4c3265e40f7&apn_sauid=5D56E4C7-26AE-4EA0-A716-35328D5DE530
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN102 ... cale=en_CA
IE - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\SearchScopes\{C6475BDE-AE45-4879-9CA6-8E935592C4FA}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGX&apn_dtid=^YYYYYY^YY^CA&apn_uid=3951bdb0-55e7-4d94-a905-a4c3265e40f7&apn_sauid=5D56E4C7-26AE-4EA0-A716-35328D5DE530
IE - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: %7B36C563FF-1D8E-47FA-8E69-4C4E29302B45%7D:1.1.0
FF - prefs.js..extensions.enabledAddons: %7BB18B1E5C-4D81-11E1-9C00-AFEB4824019B%7D:1.1.4
FF - prefs.js..extensions.enabledAddons: %7BE90FA778-C2B7-41D0-9FA9-3FEC1CA54D66%7D:1.0.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10266&locale=en_CA&apn_uid=3951bdb0-55e7-4d94-a905-a4c3265e40f7&apn_ptnrs=%5EAGX&apn_sauid=5D56E4C7-26AE-4EA0-A716-35328D5DE530&apn_dtid=%5EYYYYYY%5EYY%5ECA&&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/03 12:28:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 14:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 14:25:51 | 000,000,000 | ---D | M]
[2011/07/02 21:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elizabeth Gries\Application Data\Mozilla\Extensions
[2012/11/11 10:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elizabeth Gries\Application Data\Mozilla\Firefox\Profiles\1zkfajhr.default\extensions
[2012/08/04 15:41:08 | 000,000,000 | ---D | M] ("Youtube to MP3 Converter") -- C:\Documents and Settings\Elizabeth Gries\Application Data\Mozilla\Firefox\Profiles\1zkfajhr.default\extensions\{B18B1E5C-4D81-11E1-9C00-AFEB4824019B}
[2012/10/24 23:36:18 | 000,302,826 | ---- | M] () (No name found) -- C:\Documents and Settings\Elizabeth Gries\Application Data\Mozilla\Firefox\Profiles\1zkfajhr.default\extensions\{36C563FF-1D8E-47FA-8E69-4C4E29302B45}.xpi
[2012/06/14 07:28:44 | 000,236,651 | ---- | M] () (No name found) -- C:\Documents and Settings\Elizabeth Gries\Application Data\Mozilla\Firefox\Profiles\1zkfajhr.default\extensions\{E90FA778-C2B7-41D0-9FA9-3FEC1CA54D66}.xpi
[2012/11/08 07:52:21 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Application Data\Mozilla\Firefox\Profiles\1zkfajhr.default\searchplugins\askcom.xml
[2013/01/18 14:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/18 14:25:55 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/13 04:37:24 | 000,099,136 | ---- | M] (SEVAS-S LLC) -- C:\Program Files\mozilla firefox\plugins\npmysmarttabnpapi.dll
[2012/08/30 07:30:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 09:55:34 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2011/07/02 21:57:13 | 000,001,926 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (YouTube to MP3 Converter) - {E71596B0-A83B-453D-82C1-4BE99947C65F} - C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll (Sevas-S LLC)
O2 - BHO: (My Smart Tabs) - {E7190CBA-EF64-4CBC-AE5F-44d9930D8CEC} - C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\My Smart Tabs\BrowserExtensions\IE\MySmartTabs.dll (SEVAS-S LLC)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [My Smart Tabs Updater] C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\My Smart Tabs\smtb_updater.exe (Sevas-S)
O4 - HKLM..\Run: [Sevas-SSoftwareDefender] C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\Defender\defender.exe File not found
O4 - HKLM..\Run: [Sevas-SSoftwareUpdater] C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\Updater\updater.exe (Sevas-S)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YouTube to MP3 Converter Updater] C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\Sevas-S\YouTube to MP3 Converter\yt2mp3_updater.exe (Sevas-S)
O4 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004..\Run: [F.lux] C:\Documents and Settings\Elizabeth Gries\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - Startup: C:\Documents and Settings\Elizabeth Gries\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Elizabeth Gries\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4028432042-3930133924-1828962668-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14868C30-7CCE-47F0-8B81-B47EBCFA260F}: DhcpNameServer = 192.168.1.254 75.153.176.9
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/28 14:21:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2013/01/31 16:05:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth Gries\Desktop\OTL.exe
[2013/01/28 10:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2013/01/25 14:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elizabeth Gries\Desktop\papercuts
[2013/01/18 14:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/13 16:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\DoNotTrackPlus
[2013/01/13 16:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elizabeth Gries\Application Data\AskToolbar
[2013/01/10 18:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elizabeth Gries\Desktop\Preg line
[2013/01/09 09:56:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/01/09 09:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Plants vs Zombies
[2013/01/09 09:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Plants vs Zombies
[2013/01/09 09:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2013/01/09 09:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2013/01/09 09:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2013/01/09 09:53:02 | 000,235,080 | ---- | C] (Big Fish Games) -- C:\Documents and Settings\Elizabeth Gries\Desktop\bigfishgames_p168348252_s1_l1.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\Documents and Settings\Elizabeth Gries\My Documents\*.tmp files -> C:\Documents and Settings\Elizabeth Gries\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2013/01/31 16:12:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/01/31 16:05:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elizabeth Gries\Desktop\OTL.exe
[2013/01/31 15:41:43 | 000,329,215 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\kathys folks0002.jpg
[2013/01/31 15:39:47 | 000,208,267 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\kathys folks0001.jpg
[2013/01/31 08:08:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2013/01/31 08:00:50 | 000,433,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/31 08:00:50 | 000,067,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/31 07:56:40 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4028432042-3930133924-1828962668-1004.job
[2013/01/31 07:56:34 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2013/01/31 07:56:32 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/31 07:56:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/30 07:50:41 | 000,001,058 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/30 07:50:13 | 000,001,062 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Dropbox.lnk
[2013/01/29 21:15:13 | 000,242,720 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\ferry receipt0001.pdf
[2013/01/28 21:32:24 | 000,052,253 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\old couple.jpg
[2013/01/27 16:45:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4028432042-3930133924-1828962668-1004.job
[2013/01/23 19:52:06 | 000,078,875 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\tn_208269_10152153448071393_131043911_n.jpg
[2013/01/23 19:51:25 | 000,080,160 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\208269_10152153448071393_131043911_n.jpg
[2013/01/23 19:46:21 | 004,441,288 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Colin portrait.jpg
[2013/01/23 19:36:02 | 010,143,731 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Colin portrait.psd
[2013/01/22 19:02:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/22 18:25:24 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/22 18:17:12 | 000,170,091 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Colin Gries.JPG
[2013/01/15 20:16:30 | 000,048,143 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\liam gangam style.jpg
[2013/01/14 14:18:26 | 002,131,364 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\My Documents\optimal_breathing.pdf
[2013/01/11 22:14:29 | 000,008,332 | ---- | M] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Zombatar_1.jpg
[2013/01/09 09:56:43 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Plants vs Zombies.lnk
[2013/01/09 09:56:43 | 000,001,200 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2013/01/09 09:55:01 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2013/01/09 09:55:01 | 000,000,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2013/01/09 09:53:02 | 000,235,080 | ---- | M] (Big Fish Games) -- C:\Documents and Settings\Elizabeth Gries\Desktop\bigfishgames_p168348252_s1_l1.exe
[2013/01/09 09:17:43 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/06 11:14:47 | 003,812,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/05 21:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\Documents and Settings\Elizabeth Gries\My Documents\*.tmp files -> C:\Documents and Settings\Elizabeth Gries\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========
[2013/01/31 15:41:46 | 000,329,215 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\kathys folks0002.jpg
[2013/01/31 15:41:46 | 000,208,267 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\kathys folks0001.jpg
[2013/01/29 21:15:17 | 000,242,720 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\ferry receipt0001.pdf
[2013/01/28 21:32:24 | 000,052,253 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\old couple.jpg
[2013/01/23 19:52:06 | 000,078,875 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\tn_208269_10152153448071393_131043911_n.jpg
[2013/01/23 19:51:24 | 000,080,160 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\208269_10152153448071393_131043911_n.jpg
[2013/01/23 19:37:48 | 004,441,288 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Colin portrait.jpg
[2013/01/23 19:36:00 | 010,143,731 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Colin portrait.psd
[2013/01/22 19:02:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/22 18:25:24 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/22 18:17:12 | 000,170,091 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Colin Gries.JPG
[2013/01/15 20:16:29 | 000,048,143 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\liam gangam style.jpg
[2013/01/14 14:18:26 | 002,131,364 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\My Documents\optimal_breathing.pdf
[2013/01/11 22:14:29 | 000,008,332 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Desktop\Zombatar_1.jpg
[2013/01/09 09:56:43 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Plants vs Zombies.lnk
[2013/01/09 09:56:43 | 000,001,200 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2013/01/09 09:55:01 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2013/01/09 09:55:01 | 000,000,225 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.url
[2013/01/09 09:54:31 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2013/01/09 09:54:27 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2012/02/15 09:01:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/15 13:21:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/01/15 13:21:30 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/01/15 13:21:30 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2011/07/02 23:16:54 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/07/02 21:56:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/07/02 21:36:00 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Elizabeth Gries\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 21:21:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/28 14:38:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011/03/28 14:37:21 | 001,481,884 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2011/03/28 14:37:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2011/03/28 14:34:01 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/03/28 14:33:43 | 000,001,996 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2011/03/28 14:22:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/28 14:19:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/28 14:09:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/03/28 14:09:12 | 000,433,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 14:09:12 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/03/28 14:09:12 | 000,067,952 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/28 14:09:12 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/03/28 14:09:11 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/03/28 14:09:11 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/03/28 14:09:11 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/03/28 14:09:09 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/03/28 14:09:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/03/28 14:09:06 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/03/28 14:09:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2011/03/28 06:15:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/28 06:15:01 | 003,812,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== ZeroAccess Check ==========
[2011/07/30 18:50:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/12/20 14:15:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 21:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
< End of report >
OTL Extras logfile created on: 1/31/2013 4:07:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Elizabeth Gries\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.98 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.63% Memory free
4.29 Gb Paging File | 3.15 Gb Available in Paging File | 73.35% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 784.38 Gb Free Space | 84.21% Space Free | Partition Type: NTFS
Computer Name: MAGENTA-ANGEL | User Name: Elizabeth Gries | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-4028432042-3930133924-1828962668-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Elizabeth Gries\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Elizabeth Gries\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{27E3BC84-8151-4F76-9D53-A810394CADAC}" = hpg3010
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2A59F15-F731-4062-9BB7-3C99D8F15756}" = HP Scanjet G3010
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle" = Amazon Kindle
"Avira AntiVir Desktop" = Avira Antivirus Premium
"BFGC" = Big Fish Games: Game Manager
"BFG-Plants vs Zombies" = Plants vs. Zombies
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Digital Editions" = Adobe Digital Editions
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MESOL" = Intel(R) Active Management Technology LMS Service and SOL Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RealPlayer 12.0" = RealPlayer
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YouTube to MP3 Converter" = YouTube to MP3 Converter
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4028432042-3930133924-1828962668-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"Flux" = F.lux
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 1/18/2013 5:11:57 PM | Computer Name = MAGENTA-ANGEL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 18.0.0.4752, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = Service Control Manager | ID = 7024
Description = The Avira Mail Protection service terminated with service-specific
error 1 (0x1).
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = Service Control Manager | ID = 7024
Description = The Avira Web Protection service terminated with service-specific
error 1 (0x1).
Error - 12/1/2012 1:09:10 AM | Computer Name = MAGENTA-ANGEL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.65 on
the Network Card with network address 001CC422988C.
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = Service Control Manager | ID = 7024
Description = The Avira Mail Protection service terminated with service-specific
error 1 (0x1).
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = Service Control Manager | ID = 7024
Description = The Avira Web Protection service terminated with service-specific
error 1 (0x1).
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = Service Control Manager | ID = 7024
Description = The Avira Mail Protection service terminated with service-specific
error 1 (0x1).
Error - 8/24/2033 6:10:08 AM | Computer Name = MAGENTA-ANGEL | Source = Service Control Manager | ID = 7024
Description = The Avira Web Protection service terminated with service-specific
error 1 (0x1).
< End of report >
GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-01-31 22:03:21
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 ST31000524AS rev.JC45 931.51GB
Running: 13hskdm5.exe; Driver: C:\DOCUME~1\ELIZAB~1\LOCALS~1\Temp\kgrdapog.sys
---- System - GMER 2.0 ----
SSDT BA7C33C4 ZwClose
SSDT BA7C337E ZwCreateKey
SSDT BA7C33CE ZwCreateSection
SSDT BA7C33A6 ZwCreateSymbolicLinkObject
SSDT BA7C3374 ZwCreateThread
SSDT BA7C3383 ZwDeleteKey
SSDT BA7C338D ZwDeleteValueKey
SSDT BA7C33BF ZwDuplicateObject
SSDT BA7C33AB ZwLoadDriver
SSDT BA7C3392 ZwLoadKey
SSDT BA7C3360 ZwOpenProcess
SSDT BA7C33A1 ZwOpenSection
SSDT BA7C3365 ZwOpenThread
SSDT BA7C33E7 ZwQueryValueKey
SSDT BA7C339C ZwReplaceKey
SSDT BA7C33D8 ZwRequestWaitReplyPort
SSDT BA7C3397 ZwRestoreKey
SSDT BA7C33D3 ZwSetContextThread
SSDT BA7C33DD ZwSetSecurityObject
SSDT BA7C33B0 ZwSetSystemInformation
SSDT BA7C3388 ZwSetValueKey
SSDT BA7C33E2 ZwSystemDebugControl
SSDT BA7C336F ZwTerminateProcess
SSDT BA7C336A ZwWriteVirtualMemory
---- User code sections - GMER 2.0 ----
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1056] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- EOF - GMER 2.0 ----