Here are the outputs:
OTL.txt
OTL logfile created on: 02/10/2013 6:13:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\v01665\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
1.24 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 62.35% Memory free
1.84 Gb Paging File | 1.36 Gb Available in Paging File | 74.11% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 1.21 Gb Free Space | 3.26% Space Free | Partition Type: NTFS
Drive Y: | 37.21 Gb Total Space | 1.21 Gb Free Space | 3.26% Space Free | Partition Type: *NT5CSC
Computer Name: LPFYVYC81 | User Name: v01665 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
========== Processes (SafeList) ==========
PRC - [2013/02/10 18:11:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\v01665\Desktop\OTL.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/08/08 07:34:58 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/24 01:11:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/04/14 15:56:01 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxebcoms.exe
PRC - [2010/04/14 15:55:54 | 000,193,192 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebserv.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/03 08:41:43 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/12/09 19:04:10 | 000,128,832 | ---- | M] (Microsoft (R) Corporation) -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
PRC - [2006/12/09 19:04:10 | 000,117,568 | ---- | M] (Microsoft (R) Corporation) -- C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2005/07/12 15:35:20 | 000,756,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
PRC - [2004/10/30 14:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/09/13 03:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 16:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/08/19 01:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/04 18:17:56 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\dbc4c0be36767456143cefecc1ce2809\System.ServiceProcess.ni.dll
MOD - [2012/08/04 17:56:25 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll
MOD - [2012/08/04 17:56:21 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/08/04 17:56:19 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/08/04 17:48:29 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/08/04 17:47:04 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/08/04 17:45:12 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a76b58bd61fc970c0f11e6fac0ffbeef\System.Windows.Forms.ni.dll
MOD - [2012/08/04 17:44:38 | 001,653,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\45796b0658535e8d2ff6f6ec1ab6a244\System.Drawing.ni.dll
MOD - [2012/08/04 17:44:03 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/08/04 17:43:20 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/08/04 17:41:12 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/08/04 17:40:51 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/04/16 22:11:02 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009/11/04 09:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxebdrpp.dll
MOD - [2006/06/20 22:34:28 | 000,017,704 | ---- | M] () -- C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll
MOD - [2004/09/07 16:03:46 | 000,073,728 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL
========== Services (SafeList) ==========
SRV - [2013/02/07 20:37:43 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/05/02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/14 15:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxebcoms.exe -- (lxeb_device)
SRV - [2010/04/14 15:55:54 | 000,193,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/09 19:04:10 | 000,128,832 | ---- | M] (Microsoft (R) Corporation) [Auto | Running] -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe -- (FwcAgent)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/04/27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 20:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/04/02 13:47:26 | 000,021,992 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV - [2011/08/10 15:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005/12/22 16:30:51 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2005/03/10 22:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/31 08:07:02 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/11/16 02:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/21 20:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/18 14:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/06/17 20:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 20:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 20:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.8.130:8080
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.8.130:8080
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-117609710-562591055-682003330-1274\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-117609710-562591055-682003330-1274\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-117609710-562591055-682003330-1274\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-117609710-562591055-682003330-1274\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-117609710-562591055-682003330-1274\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-117609710-562591055-682003330-1274\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en
IE - HKU\S-1-5-21-117609710-562591055-682003330-1274\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.13.15.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:2.7.9
FF - prefs.js..network.proxy.ftp: "172.16.8.130"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "172.16.8.130"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "172.16.8.130"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.16.8.130"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "172.16.8.130"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\v01665\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\v01665\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/11/30 09:46:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/10 17:32:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\v01665\Application Data\Move Networks [2009/11/19 20:10:23 | 000,000,000 | ---D | M]
[2008/08/13 13:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\v01665\Application Data\Mozilla\Extensions
[2012/06/27 17:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\v01665\Application Data\Mozilla\Firefox\Profiles\vm1r2pf1.default\extensions
[2009/07/29 15:35:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\v01665\Application Data\Mozilla\Firefox\Profiles\vm1r2pf1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/08/13 13:49:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\v01665\Application Data\Mozilla\Firefox\Profiles\vm1r2pf1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/06 21:54:33 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\v01665\Application Data\Mozilla\Firefox\Profiles\vm1r2pf1.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2008/08/13 13:50:29 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Documents and Settings\v01665\Application Data\Mozilla\Firefox\Profiles\vm1r2pf1.default\extensions\seo4firefox@seobook.com
[2013/02/10 17:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/03 08:42:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/23 12:55:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008/06/12 22:06:09 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2009/11/19 20:10:23 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\V01665\APPLICATION DATA\MOVE NETWORKS
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2008/07/21 09:04:57 | 002,889,088 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
O1 HOSTS File: ([2010/06/09 10:57:54 | 000,000,826 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.124 HP000D9D17A427
O1 - Hosts: 12.151.27.6 www.deltavacations.com
O1 - Hosts: 127.0.0.1 movie-forumz.org
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-117609710-562591055-682003330-1274..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe (Microsoft (R) Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 7200
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-562591055-682003330-1274\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-562591055-682003330-1274\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft (R) Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft (R) Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft (R) Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft (R) Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Microsoft Firewall Client 2004\FwcWsp.dll (Microsoft (R) Corporation)
O15 - HKU\S-1-5-21-117609710-562591055-682003330-1274\..Trusted Domains: aol.com ([my.screenname] http in Trusted sites)
O15 - HKU\S-1-5-21-117609710-562591055-682003330-1274\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-117609710-562591055-682003330-1274\..Trusted Domains: aol.com ([webmail] http in Trusted sites)
O15 - HKU\S-1-5-21-117609710-562591055-682003330-1274\..Trusted Domains: aol.com ([www] http in Trusted sites)
O16 - DPF: {03DF0933-6E10-4D32-9835-B9A815622831} https://gopublic.wspan.com/secure/DLLs/ ... mation.cab (WSSystemInfo Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab (Citrix ICA Client)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} http://logon.tarponpointe.com/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab (LinkedIn ContactFinderControl)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 1368718250 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 1368704984 (MUWebControl Class)
O16 - DPF: {7B72C3FC-34B5-4504-B4BE-EB38971A0888} https://go.worldspan.com/Dlls/WSFileIO3.cab (WSFileIO Class 3)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} http://logon.tarponpointe.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab (Reg Error: Key error.)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Mo ... x/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://hitwise.webex.com/client/T25L/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CVGNET.CVG
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14CFA4CB-4702-4692-B104-B0F25A65FEC7}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\DELL.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 180 Days ==========
[2013/02/10 18:11:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\v01665\Desktop\OTL.exe
[2013/02/10 18:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\v01665\Desktop\RK_Quarantine
[2013/02/07 22:52:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\v01665\My Documents\My Videos
[2013/02/07 22:52:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\v01665\My Documents\My Music
[2013/02/07 22:52:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\v01665\Start Menu\Programs\Administrative Tools
[2013/01/22 20:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2012
[2013/01/21 22:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\v01665\Desktop\Craigslist
[2012/12/02 20:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\office Convert Pdf to Jpg Jpeg Tiff Free
[2012/12/02 20:39:25 | 009,661,784 | ---- | C] (Officeconvert Software, Inc. ) -- C:\Documents and Settings\v01665\Desktop\office-convert-pdf-to-jpg-jpeg-tiff-free.exe
[2012/12/02 20:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\v01665\Desktop\New Folder
[2012/08/26 20:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\v01665\Application Data\Apple Computer
========== Files - Modified Within 180 Days ==========
[2013/02/10 18:20:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AD3E7E4B-BB36-4159-B3E5-7B7D075D84D1}.job
[2013/02/10 18:20:35 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C1CA9FFA-20E2-4E40-888B-DD68FB991EE2}.job
[2013/02/10 18:11:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\v01665\Desktop\OTL.exe
[2013/02/10 18:00:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/10 18:00:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/10 17:59:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/10 17:59:34 | 1333,198,848 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/10 17:57:10 | 000,782,848 | ---- | M] () -- C:\Documents and Settings\v01665\Desktop\RogueKiller.exe
[2013/02/10 17:32:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/10 17:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/07 20:37:05 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/07 20:37:01 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/03 13:58:19 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2012.lnk
[2013/02/03 13:03:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/02/01 07:53:51 | 000,579,293 | ---- | M] () -- C:\Documents and Settings\v01665\Desktop\ATT - Jan 14 2013 - may be dup.pdf
[2013/01/22 20:57:59 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2013/01/22 07:43:15 | 000,579,293 | ---- | M] () -- C:\Documents and Settings\v01665\Desktop\ATT - Jan 2013.pdf
[2013/01/15 20:38:28 | 000,044,310 | ---- | M] () -- C:\Documents and Settings\v01665\My Documents\Kevin Knapp - Florida Bright Futures 2012-2013.pdf
[2012/12/02 21:42:14 | 000,015,764 | ---- | M] () -- C:\Documents and Settings\v01665\Desktop\Universal Property - Reinspection.pdf
[2012/12/02 20:39:37 | 009,661,784 | ---- | M] (Officeconvert Software, Inc. ) -- C:\Documents and Settings\v01665\Desktop\office-convert-pdf-to-jpg-jpeg-tiff-free.exe
[2012/11/30 22:18:13 | 000,202,351 | ---- | M] () -- C:\Documents and Settings\v01665\My Documents\Kevin - Clerk of Circuit Court - Sumter County.PDF
[2012/11/29 08:25:43 | 000,142,885 | ---- | M] () -- C:\Documents and Settings\v01665\My Documents\2004 Ford Explorer - seller title.jpeg
[2012/11/29 07:58:21 | 000,180,829 | ---- | M] () -- C:\Documents and Settings\v01665\My Documents\CCCU docs - KNAPP.PDF
[2012/11/23 21:20:40 | 000,723,107 | ---- | M] () -- C:\Documents and Settings\v01665\Desktop\ATT Cell through 111412.pdf
[2012/11/23 20:58:48 | 000,165,945 | ---- | M] () -- C:\Documents and Settings\v01665\Desktop\Uverse - through 121012.pdf
[2012/11/21 07:08:10 | 000,507,540 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/21 07:08:10 | 000,088,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/27 21:47:42 | 000,357,222 | ---- | M] () -- C:\Documents and Settings\v01665\Desktop\Allstate - 082012.pdf
[2012/08/27 18:42:56 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/08/26 21:15:45 | 000,268,268 | ---- | M] () -- C:\Documents and Settings\v01665\My Documents\08-26-2012 10;15;36PM.PDF
[2012/08/26 21:00:53 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2012/08/26 20:57:49 | 005,137,141 | ---- | M] () -- C:\Documents and Settings\v01665\Desktop\IMG_0538.MOV
[2012/08/19 21:01:43 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\v01665\Desktop\Shortcut to Internet Explorer.lnk
========== Files Created - No Company Name ==========
[2013/02/10 17:57:09 | 000,782,848 | ---- | C] () -- C:\Documents and Settings\v01665\Desktop\RogueKiller.exe
[2013/02/01 07:53:51 | 000,579,293 | ---- | C] () -- C:\Documents and Settings\v01665\Desktop\ATT - Jan 14 2013 - may be dup.pdf
[2013/01/22 20:54:24 | 000,002,393 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2012.lnk
[2013/01/22 07:43:13 | 000,579,293 | ---- | C] () -- C:\Documents and Settings\v01665\Desktop\ATT - Jan 2013.pdf
[2013/01/15 20:37:48 | 000,044,310 | ---- | C] () -- C:\Documents and Settings\v01665\My Documents\Kevin Knapp - Florida Bright Futures 2012-2013.pdf
[2012/12/02 21:42:14 | 000,015,764 | ---- | C] () -- C:\Documents and Settings\v01665\Desktop\Universal Property - Reinspection.pdf
[2012/11/30 22:18:13 | 000,202,351 | ---- | C] () -- C:\Documents and Settings\v01665\My Documents\Kevin - Clerk of Circuit Court - Sumter County.PDF
[2012/11/29 08:25:43 | 000,142,885 | ---- | C] () -- C:\Documents and Settings\v01665\My Documents\2004 Ford Explorer - seller title.jpeg
[2012/11/29 07:58:21 | 000,180,829 | ---- | C] () -- C:\Documents and Settings\v01665\My Documents\CCCU docs - KNAPP.PDF
[2012/11/23 21:20:40 | 000,723,107 | ---- | C] () -- C:\Documents and Settings\v01665\Desktop\ATT Cell through 111412.pdf
[2012/11/23 20:58:48 | 000,165,945 | ---- | C] () -- C:\Documents and Settings\v01665\Desktop\Uverse - through 121012.pdf
[2012/08/27 21:44:19 | 000,357,222 | ---- | C] () -- C:\Documents and Settings\v01665\Desktop\Allstate - 082012.pdf
[2012/08/26 21:15:45 | 000,268,268 | ---- | C] () -- C:\Documents and Settings\v01665\My Documents\08-26-2012 10;15;36PM.PDF
[2012/08/26 21:00:53 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2012/08/26 20:57:44 | 005,137,141 | ---- | C] () -- C:\Documents and Settings\v01665\Desktop\IMG_0538.MOV
[2012/08/19 21:01:43 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\v01665\Desktop\Shortcut to Internet Explorer.lnk
[2012/07/15 22:02:58 | 001,482,878 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-562591055-682003330-1274-0.dat
[2012/07/15 22:02:51 | 000,303,026 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/15 21:16:06 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/07/06 06:47:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/04/05 19:58:45 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\v01665\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/13 10:59:30 | 000,056,912 | ---- | C] () -- C:\Documents and Settings\v01665\g2mdlhlpx.exe
[2007/11/07 14:27:01 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\v01665\Application Data\$_hpcst$.hpc
[2007/11/07 11:09:43 | 000,000,490 | RHS- | C] () -- C:\Documents and Settings\v01665\ntuser.pol
[2005/09/19 12:42:58 | 000,017,586 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2005/09/01 22:12:29 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
========== ZeroAccess Check ==========
[2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2005/09/19 14:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2012/07/24 07:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitbit
[2012/08/13 19:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro200-S500 Series
[2012/03/29 13:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\myitlab2010
[2012/08/04 16:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2005/10/11 16:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/01 08:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/01/01 11:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YesVideo
[2012/08/06 10:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\v01665\Application Data\com.ynab.YNAB4.LiveCaptive
[2009/05/11 13:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\v01665\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2008/03/10 13:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\v01665\Application Data\ICAClient
[2010/04/20 09:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\v01665\Application Data\Image Zone Express
[2009/08/19 07:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\v01665\Application Data\MSNInstaller
[2012/07/13 21:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\v01665\Application Data\smkits
[2007/12/07 23:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\v01665\Application Data\Viewpoint
[2009/03/30 15:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\v01665\Application Data\WebEx
[2010/02/12 15:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\v01665\Application Data\Windows Desktop Search
[2010/02/15 19:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\v01665\Application Data\Windows Search
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 512 bytes -> C:\WINDOWS\kx95.dll:CA_INOCULATEIT
@Alternate Data Stream - 512 bytes -> C:\WINDOWS\KX32.DLL:CA_INOCULATEIT
@Alternate Data Stream - 512 bytes -> C:\WINDOWS\KX16.DLL:CA_INOCULATEIT
@Alternate Data Stream - 512 bytes -> C:\WINDOWS\KIX32.EXE:CA_INOCULATEIT
@Alternate Data Stream - 512 bytes -> C:\WINDOWS\instsrv.exe:CA_INOCULATEIT
< End of report >
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Extras.txt
OTL Extras logfile created on: 02/10/2013 6:13:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\v01665\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
1.24 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 62.35% Memory free
1.84 Gb Paging File | 1.36 Gb Available in Paging File | 74.11% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 1.21 Gb Free Space | 3.26% Space Free | Partition Type: NTFS
Drive Y: | 37.21 Gb Total Space | 1.21 Gb Free Space | 3.26% Space Free | Partition Type: *NT5CSC
Computer Name: LPFYVYC81 | User Name: v01665 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-117609710-562591055-682003330-1274\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CA\eTrustITM\InoRpc.exe" = C:\Program Files\CA\eTrustITM\InoRpc.exe
"C:\Program Files\CA\eTrustITM\Realmon.exe" = C:\Program Files\CA\eTrustITM\Realmon.exe
"C:\Program Files\CA\eTrustITM\Shellscn.exe" = C:\Program Files\CA\eTrustITM\Shellscn.exe
"C:\Program Files\Sophos\Remote Management System\RouterNT.exe" = C:\Program Files\Sophos\Remote Management System\RouterNT.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"8192:TCP:172.16.8.0/24:enabled:Sophos" = 8192:TCP:172.16.8.0/24:enabled:Sophos
"8193:TCP:172.17.8.0/24:enabled:Sophos" = 8193:TCP:172.17.8.0/24:enabled:Sophos
"8194:TCP:172.16.8.0/24:enabled:Sophos" = 8194:TCP:172.16.8.0/24:enabled:Sophos
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 1
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 172.16.8.0/24,172.16.9.0/24,172.16.3.0/24,172.30.1.0/24,localsubnet,172.16.13.81
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = 172.16.8.0/24
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = 172.16.8.0/24,172.16.9.0/24,172.16.3.0/24,172.30.1.0/24,localsubnet
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 172.16.8.0/24,172.16.9.0/24,172.16.3.0/24,172.30.1.0/24,localsubnet,172.16.13.81
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = 172.16.8.0/24,172.16.9.0/24,172.16.3.0/24,172.30.1.0/24,localsubnet
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1129064945\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1129064945\EE\aolsoftware.exe:*:Enabled:AOL Services -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor
"C:\Program Files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\javaw.exe" = C:\Program Files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
"C:\Program Files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe" = C:\Program Files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe:*:Enabled:Lotus Notes
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1129064945\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1129064945\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1129064945\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1129064945\EE\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Temp\HP_WebRelease\Setup\HPZnet01.exe" = C:\Temp\HP_WebRelease\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor
"C:\Program Files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe" = C:\Program Files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe:*:Enabled:Lotus Notes
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:HP AiO Fax Manager -- (Hewlett-Packard Co.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\WINDOWS\system32\lxebcoms.exe" = C:\WINDOWS\system32\lxebcoms.exe:*:Enabled:Pro200-S500 Series Server -- ( )
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\javaw.exe" = C:\Program Files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}" = Microsoft Firewall Client
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{536F7C74-844B-4683-B0C5-EA39E19A6FE3}" = Microsoft AntiSpyware
"{5D6EC6F7-9B38-4a02-B063-97C2048B56A2}" = 7200_Help
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8F7A4D82-B168-4F89-99C2-B9873EC877AF}" = HP Image Zone Express
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7391302-FADF-4314-80DC-C757DAE45178}" = 7200
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC966B90-53CA-4710-8EEE-57ED25387872}" = 7200Trb
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AOL Deskbar" = AOL Deskbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CentreVu Supervisor 9.0" = CentreVu Supervisor 9.0
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel(R) PROSet/Wireless Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-117609710-562591055-682003330-1274\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02/10/2013 6:50:19 PM | Computer Name = LPFYVYC81 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 02/10/2013 6:50:27 PM | Computer Name = LPFYVYC81 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
Error - 02/10/2013 6:51:30 PM | Computer Name = LPFYVYC81 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\dchqcvgnet01\netlogon\Conflicker_Removal.cmd.
The network path was not found. .
Error - 02/10/2013 6:51:46 PM | Computer Name = LPFYVYC81 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\dchqcvgnet01\netlogon\DST2007Update_Win2k.cmd.
The network path was not found. .
Error - 02/10/2013 6:53:17 PM | Computer Name = LPFYVYC81 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 02/10/2013 6:59:54 PM | Computer Name = LPFYVYC81 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 02/10/2013 7:00:03 PM | Computer Name = LPFYVYC81 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
Error - 02/10/2013 7:01:20 PM | Computer Name = LPFYVYC81 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\dchqcvgnet01\netlogon\Conflicker_Removal.cmd.
The network path was not found. .
Error - 02/10/2013 7:01:37 PM | Computer Name = LPFYVYC81 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\dchqcvgnet01\netlogon\DST2007Update_Win2k.cmd.
The network path was not found. .
Error - 02/10/2013 7:01:37 PM | Computer Name = LPFYVYC81 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
[ OSession Events ]
Error - 09/27/2009 6:25:23 PM | Computer Name = LPFYVYC81 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 172
seconds with 0 seconds of active time. This session ended with a crash.
Error - 09/27/2009 6:25:44 PM | Computer Name = LPFYVYC81 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12/07/2010 1:06:16 PM | Computer Name = LPFYVYC81 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1681
seconds with 780 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 02/10/2013 5:05:45 PM | Computer Name = LPFYVYC81 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.
Error - 02/10/2013 5:35:45 PM | Computer Name = LPFYVYC81 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.
Error - 02/10/2013 6:35:47 PM | Computer Name = LPFYVYC81 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 120 minutes. NtpClient has no source of accurate
time.
Error - 02/10/2013 6:50:17 PM | Computer Name = LPFYVYC81 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain CVGNET due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.
Error - 02/10/2013 6:50:19 PM | Computer Name = LPFYVYC81 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 02/10/2013 6:50:20 PM | Computer Name = LPFYVYC81 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 02/10/2013 6:59:54 PM | Computer Name = LPFYVYC81 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain CVGNET due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.
Error - 02/10/2013 6:59:56 PM | Computer Name = LPFYVYC81 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 02/10/2013 6:59:56 PM | Computer Name = LPFYVYC81 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 02/10/2013 7:14:57 PM | Computer Name = LPFYVYC81 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.
< End of report >
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
RogueKiller
RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : v01665 [Admin rights]
Mode : Scan -- Date : 02/10/2013 18:05:42
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : uycomamc (C:\Documents and Settings\v01665\Local Settings\Application Data\ylwugo\dxeasftav.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-117609710-562591055-682003330-1274[...]\Run : uycomamc (C:\Documents and Settings\v01665\Local Settings\Application Data\ylwugo\dxeasftav.exe) -> FOUND
[PROXY FF] vm1r2pf1.default\ 172.16.8.130:8080 -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805B1D78 -> HOOKED (Unknown @ 0xBA67641C)
SSDT[41] : NtCreateKey @ 0x8061ABE2 -> HOOKED (Unknown @ 0xBA6763D6)
SSDT[50] : NtCreateSection @ 0x805A0800 -> HOOKED (Unknown @ 0xBA676426)
SSDT[53] : NtCreateThread @ 0x805C735E -> HOOKED (Unknown @ 0xBA6763CC)
SSDT[63] : NtDeleteKey @ 0x8061B07E -> HOOKED (Unknown @ 0xBA6763DB)
SSDT[65] : NtDeleteValueKey @ 0x8061B24E -> HOOKED (Unknown @ 0xBA6763E5)
SSDT[68] : NtDuplicateObject @ 0x805B398C -> HOOKED (Unknown @ 0xBA676417)
SSDT[98] : NtLoadKey @ 0x8061CE06 -> HOOKED (Unknown @ 0xBA6763EA)
SSDT[122] : NtOpenProcess @ 0x805C13E2 -> HOOKED (Unknown @ 0xBA6763B8)
SSDT[128] : NtOpenThread @ 0x805C166E -> HOOKED (Unknown @ 0xBA6763BD)
SSDT[177] : NtQueryValueKey @ 0x80618E06 -> HOOKED (Unknown @ 0xBA67643F)
SSDT[193] : NtReplaceKey @ 0x8061CCB6 -> HOOKED (Unknown @ 0xBA6763F4)
SSDT[200] : NtRequestWaitReplyPort @ 0x805981A4 -> HOOKED (Unknown @ 0xBA676430)
SSDT[204] : NtRestoreKey @ 0x8061C5C2 -> HOOKED (Unknown @ 0xBA6763EF)
SSDT[213] : NtSetContextThread @ 0x805C8FB6 -> HOOKED (Unknown @ 0xBA67642B)
SSDT[237] : NtSetSecurityObject @ 0x805B60FE -> HOOKED (Unknown @ 0xBA676435)
SSDT[247] : NtSetValueKey @ 0x80619154 -> HOOKED (Unknown @ 0xBA6763E0)
SSDT[255] : NtSystemDebugControl @ 0x8060EB2C -> HOOKED (Unknown @ 0xBA67643A)
SSDT[257] : NtTerminateProcess @ 0x805C866A -> HOOKED (Unknown @ 0xBA6763C7)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xBA67644E)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xBA676453)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
192.168.1.124 HP000D9D17A427
12.151.27.6 www.deltavacations.com
127.0.0.1 movie-forumz.org
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS541040G9AT00 +++++
--- User ---
[MBR] ee1f5c03d8209af4374a26e76f299892
[BSP] 6fce854bb00d4cf63b72632e3fef5c77 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 38099 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_02102013_02d1805.txt >>
RKreport[1]_S_02102013_02d1805.txt