Hi,
I was able to remove the Ask toolbar using Revo Uninstaller Pro.
OTL ran fine; here are the 2 files.
OTL logfile created on: 10/2/2012 1:38:00 AM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\Donald\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.44% Memory free
4.35 Gb Paging File | 3.18 Gb Available in Paging File | 73.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 22.99 Gb Free Space | 30.86% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 232.78 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive X: | 928.30 Gb Total Space | 820.55 Gb Free Space | 88.39% Space Free | Partition Type: NTFS
Drive Y: | 928.30 Gb Total Space | 820.55 Gb Free Space | 88.39% Space Free | Partition Type: NTFS
Computer Name: DONALD-FDJSU4TP | User Name: Donald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/02 01:35:46 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donald\Desktop\OTL.exe
PRC - [2012/10/01 12:12:35 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/02/16 07:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/24 07:54:08 | 000,509,704 | ---- | M] (PacketVideo) -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
PRC - [2011/08/24 07:54:06 | 001,517,320 | ---- | M] () -- C:\Program Files\TwonkyMedia\twonkymediaserver.exe
PRC - [2011/08/24 07:48:50 | 000,245,760 | ---- | M] () -- C:\Program Files\TwonkyMedia\twonkywebdav.exe
PRC - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/10 17:59:30 | 000,082,776 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken\qw.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2008/11/07 12:20:40 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/10/28 10:29:48 | 000,581,632 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KEM.exe
PRC - [2004/10/21 14:28:40 | 000,029,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
PRC - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 13:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2002/07/10 21:04:26 | 000,094,276 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\msworks.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/30 09:42:18 | 009,813,704 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/03/10 00:04:59 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/03/10 00:02:57 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/03/10 00:00:21 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/03/09 23:57:45 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/03/09 23:57:33 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/03/09 23:56:04 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/02/16 07:40:41 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/24 07:54:06 | 001,517,320 | ---- | M] () -- C:\Program Files\TwonkyMedia\twonkymediaserver.exe
MOD - [2011/08/24 07:52:58 | 000,143,360 | ---- | M] () -- C:\Program Files\TwonkyMedia\wmdrmdll.dll
MOD - [2011/08/24 07:48:50 | 000,245,760 | ---- | M] () -- C:\Program Files\TwonkyMedia\twonkywebdav.exe
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/10 18:01:08 | 000,490,328 | ---- | M] () -- C:\Program Files\Quicken\alrtint8.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
MOD - [2004/10/28 10:27:18 | 000,086,016 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/10/01 12:12:35 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/21 06:17:31 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/24 07:54:08 | 000,509,704 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe -- (TwonkyMedia)
SRV - [2011/08/24 07:48:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Program Files\TwonkyMedia\twonkywebdav.exe -- (TwonkyWebDav)
SRV - [2011/08/03 21:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe -- (N360)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/06/17 10:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/11/07 12:20:40 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2012/09/23 02:52:24 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121001.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/23 02:52:24 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121001.004\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/21 15:31:10 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120928.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/31 15:09:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120919.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/11 10:47:27 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/11 10:47:27 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/29 22:24:54 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/08/21 19:53:36 | 000,362,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symtdi.sys -- (SYMTDI)
DRV - [2011/08/21 19:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symefa.sys -- (SymEFA)
DRV - [2011/08/03 21:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\cchpx86.sys -- (ccHP)
DRV - [2011/06/03 08:48:48 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)
DRV - [2010/09/26 19:10:30 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/05/05 06:01:30 | 000,278,560 | R--- | M] (Netgear) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G311N6.sys -- (G311N6)
DRV - [2010/05/04 22:15:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\ironx86.sys -- (SymIRON)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtsp.sys -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtspx.sys -- (SRTSPX)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/14 20:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symds.sys -- (SymDS)
DRV - [2009/07/16 16:20:58 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2005/07/14 08:57:05 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/21 14:31:14 | 000,038,691 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/10/21 14:31:06 | 000,054,851 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/10/21 14:30:56 | 000,071,535 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/10/21 14:30:38 | 000,024,671 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2003/12/25 19:53:10 | 000,067,456 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)
DRV - [2003/12/25 19:53:10 | 000,011,237 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2003/12/25 19:53:10 | 000,008,440 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/09/19 03:11:00 | 000,067,440 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2001/09/19 03:11:00 | 000,050,432 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2001/09/19 03:11:00 | 000,037,822 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2001/09/19 03:11:00 | 000,022,064 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2001/09/19 03:11:00 | 000,005,840 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - SOFTWARE\Classes\CLSID\{EA756889-2338-43DB-8F07-D1CA6FB9C90D}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - SOFTWARE\Classes\CLSID\{EA756889-2338-43DB-8F07-D1CA6FB9C90D}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {077EB44A-E3F6-4E11-ACB5-BFF9C7515E88}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{077EB44A-E3F6-4E11-ACB5-BFF9C7515E88}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBR_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.xfinity.com/customer/start/?attr=mm&cid=insDate08052011"
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: {F029FFC6-E676-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-73-0-faeY\n&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/25 19:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2012/10/01 12:18:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/25 15:49:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/09 23:26:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/01 11:45:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F029FFC6-E676-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\Donald\Local Settings\Application Data\{F029FFC6-E676-11E1-8270-B8AC6F996F26}\ [2012/08/14 18:17:28 | 000,000,000 | ---D | M]
[2008/11/20 20:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Extensions
[2012/10/02 00:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions
[2010/05/09 22:36:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/04 11:11:51 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/09/25 15:53:38 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/06/04 11:11:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\engine@conduit.com
[2012/01/07 22:58:00 | 000,634,964 | ---- | M] () (No name found) -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/01/31 17:09:55 | 000,002,188 | ---- | M] () -- C:\Documents and Settings\Donald\Application Data\Mozilla\Firefox\Profiles\mxgkytql.default\searchplugins\bing-ff.xml
[2012/10/01 11:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/14 18:17:28 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\DONALD\LOCAL SETTINGS\APPLICATION DATA\{F029FFC6-E676-11E1-8270-B8AC6F996F26}
[2012/02/16 07:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 03:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 03:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Donald\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
O1 HOSTS File: ([2003/07/16 09:23:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - Reg Error: Value error. File not found
O2 - BHO: (TwonkyMediaContextMenuHandler) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - C:\Program Files\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [nmiscm] C:\Documents and Settings\Donald\Application Data\nmiscm.dll (BitTorrent, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/09/15 20:52:09 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Donald\Start Menu\Programs\Startup\AutorunsDisabled [2011/09/04 20:55:53 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Playlist - C:\Program Files\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo)
O8 - Extra context menu item: Beam to - C:\Program Files\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo)
O9 - Extra Button: TwonkyBeam for Internet Explorer - {339E0A0F-ACAE-408f-AAD7-4E9158FFDE7C} - C:\Program Files\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll (PacketVideo)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: closetmaid.com ([vsp] http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83}
http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF}
http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92}
http://forms.real.com/real/player/downl ... st_Win.cab (Reg Error: Unable to open value key)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B}
http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B}
http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://update.microsoft.com/windowsupda ... 0197917781 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://update.microsoft.com/microsoftup ... 6499508718 (MUWebControl Class)
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A}
http://www.evite.com/html/imageUpload/I ... oader4.cab (Image Uploader Control)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5}
http://jarmccall.no-ip.info:81/bl_camera.cab (Bl_camera Control)
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C}
http://www.costcophotocenter.com/CostcoUpload.cab (Snapfish File Upload ActiveX Control)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429}
http://www.sibelius.com/download/softwa ... Plugin.cab (ScorchPlugin Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}
http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
https://download.macromedia.com/pub/sho ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E15D1DDC-BCCF-45D5-8EC6-ECF47FB9515B}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Donald\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/30 19:31:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d15a8031-59bf-11e0-ba3e-000cf1717603}\Shell\AutoRun\command - "" = G:\Setup_FlipShare.exe
O33 - MountPoints2\{d15a8031-59bf-11e0-ba3e-000cf1717603}\Shell\Setup FlipShare\command - "" = G:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/02 01:35:43 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Donald\Desktop\OTL.exe
[2012/10/02 00:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donald\Local Settings\Application Data\VS Revo Group
[2012/10/02 00:52:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/10/02 00:52:03 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/10/02 00:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2012/10/02 00:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/10/02 00:51:17 | 007,902,008 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Donald\My Documents\RevoUninProSetup.exe
[2012/10/01 12:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/26 09:02:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Donald\My Documents\dds.scr
[2012/09/25 22:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegAce
[2012/09/25 22:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donald\Local Settings\Application Data\AskToolbar
[2012/09/25 22:22:18 | 004,733,064 | ---- | C] (WebMinds, Inc. ) -- C:\Documents and Settings\Donald\My Documents\regacesetup.exe
[2012/09/23 02:19:53 | 022,801,616 | ---- | C] (CompanionLink Software, Inc. ) -- C:\Documents and Settings\Donald\My Documents\clpdt50setup(1).exe
[2012/09/23 02:09:00 | 022,801,616 | ---- | C] (CompanionLink Software, Inc. ) -- C:\Documents and Settings\Donald\My Documents\clpdt50setup.exe
[2012/08/14 18:17:14 | 000,458,752 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Donald\Application Data\nmiscm.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Donald\My Documents\*.tmp files -> C:\Documents and Settings\Donald\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/10/02 01:49:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/10/02 01:35:46 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donald\Desktop\OTL.exe
[2012/10/02 01:17:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/02 00:52:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Donald\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/10/02 00:52:07 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/10/02 00:51:20 | 007,902,008 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Donald\My Documents\RevoUninProSetup.exe
[2012/10/01 12:21:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/01 12:21:28 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/10/01 12:17:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/30 03:00:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\RegAce Scheduled Scan - Donald.job
[2012/09/26 23:56:04 | 000,005,409 | ---- | M] () -- C:\Documents and Settings\Donald\Desktop\attach.zip
[2012/09/26 23:55:42 | 000,004,631 | ---- | M] () -- C:\Documents and Settings\Donald\Desktop\dds.zip
[2012/09/26 09:02:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Donald\My Documents\dds.scr
[2012/09/25 22:22:22 | 004,733,064 | ---- | M] (WebMinds, Inc. ) -- C:\Documents and Settings\Donald\My Documents\regacesetup.exe
[2012/09/23 02:20:16 | 022,801,616 | ---- | M] (CompanionLink Software, Inc. ) -- C:\Documents and Settings\Donald\My Documents\clpdt50setup(1).exe
[2012/09/23 02:09:22 | 022,801,616 | ---- | M] (CompanionLink Software, Inc. ) -- C:\Documents and Settings\Donald\My Documents\clpdt50setup.exe
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Donald\My Documents\*.tmp files -> C:\Documents and Settings\Donald\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/10/02 00:52:07 | 000,000,950 | ---- | C] () -- C:\Documents and Settings\Donald\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/10/02 00:52:07 | 000,000,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/09/26 23:56:04 | 000,005,409 | ---- | C] () -- C:\Documents and Settings\Donald\Desktop\attach.zip
[2012/09/26 23:55:42 | 000,004,631 | ---- | C] () -- C:\Documents and Settings\Donald\Desktop\dds.zip
[2012/09/25 22:26:46 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\RegAce Scheduled Scan - Donald.job
[2012/09/25 22:24:03 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/03/09 22:51:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/04 15:37:38 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv6
[2011/08/25 00:17:02 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp.dll
[2011/08/10 10:48:29 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/06/17 17:51:19 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Donald\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/12 12:04:59 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/04 07:11:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Donald\LOG
[2010/12/22 11:18:51 | 000,117,100 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2010/12/22 11:18:51 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2010/12/22 11:16:55 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/12/22 10:02:18 | 000,397,792 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/22 09:29:45 | 000,116,458 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/11/12 18:23:46 | 000,108,920 | ---- | C] () -- C:\Documents and Settings\Donald\g2ax_customer_downloadhelper_win32_x86.exe
[2009/07/19 10:46:32 | 000,003,530 | ---- | C] () -- C:\Documents and Settings\Donald\palm.csv
[2009/07/17 10:55:36 | 000,300,848 | ---- | C] ( ) -- C:\Documents and Settings\All Users\dcmsvcsetup.exe
[2009/07/17 10:55:34 | 000,009,960 | ---- | C] () -- C:\Documents and Settings\All Users\invokesi.exe
[2007/04/03 16:07:32 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/17 16:58:20 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Donald\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/11 19:00:11 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Donald\Local Settings\Application Data\fusioncache.dat
========== ZeroAccess Check ==========
[2005/07/11 18:48:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/04/27 23:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2011/08/10 10:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009/07/16 16:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/06/11 16:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2012/09/25 22:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegAce
[2009/10/27 22:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/27 23:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2012/10/01 12:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TwonkyMedia
[2012/10/01 12:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\twonkyserver
[2008/11/01 21:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2007/03/16 07:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/15 00:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/07/25 00:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/23 00:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/17 21:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/08/24 23:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[2010/09/28 23:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Amazon
[2010/04/27 23:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Any Video Converter
[2010/09/19 22:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Binary Fortress Software
[2011/08/05 18:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\CallingID
[2011/08/10 10:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Canneverbe Limited
[2009/12/30 16:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011/08/05 18:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\comcasttb
[2008/12/15 13:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\CopyTrans
[2008/12/15 22:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\CopyTransControlCenter
[2008/12/17 21:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\CopyTransDoctor
[2011/09/25 15:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\DDMSettings
[2011/09/06 19:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Digiarty
[2011/07/31 16:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\GetRightToGo
[2011/09/04 20:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\HandBrake
[2009/07/16 14:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\HotSync
[2010/02/18 17:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\iPodder
[2010/08/05 19:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Jaran Nilsen
[2005/07/09 08:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Leadertech
[2011/06/11 11:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\MioNetApplet
[2012/03/03 12:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\net.pixelevolution.hcr3
[2010/02/14 22:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\NormSoft
[2009/07/27 09:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\OfficeUpdate12
[2009/07/08 21:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\OpenOffice.org
[2010/01/31 17:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Participatory Culture Foundation
[2011/07/31 16:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Pavtube
[2006/08/19 14:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Smith Micro
[2009/02/16 01:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Southwest Airlines
[2011/07/29 08:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Tific
[2011/09/06 19:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\TwonkyMedia
[2011/06/04 15:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\uTorrent
[2007/03/16 07:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\Viewpoint
[2009/06/22 15:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\W Photo Studio Viewer
[2010/06/11 15:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\WD
[2010/09/28 23:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\WeatherBug
[2010/02/15 00:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donald\Application Data\WindSolutions
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
And then the Extras.txt
OTL Extras logfile created on: 10/2/2012 1:38:00 AM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\Donald\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.44% Memory free
4.35 Gb Paging File | 3.18 Gb Available in Paging File | 73.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 22.99 Gb Free Space | 30.86% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 232.78 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive X: | 928.30 Gb Total Space | 820.55 Gb Free Space | 88.39% Space Free | Partition Type: NTFS
Drive Y: | 928.30 Gb Total Space | 820.55 Gb Free Space | 88.39% Space Free | Partition Type: NTFS
Computer Name: DONALD-FDJSU4TP | User Name: Donald | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"14238:TCP" = 14238:TCP:*:Enabled:Hot Sync Manager
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\1120188975\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1120188975\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOL -- (America Online Inc)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Palm\PPLTReg.exe" = C:\Palm\PPLTReg.exe:*:Enabled:PPLTReg
"C:\Program Files\America Online 9.0b\waol.exe" = C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\1160841484\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1160841484\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\1167326973\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1167326973\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\NetGear\ProSafe Plus Utility\ProSafe Plus Utility.exe" = C:\Program Files\NetGear\ProSafe Plus Utility\ProSafe Plus Utility.exe:*:Enabled:ProSafe Plus Utility -- ()
"C:\Program Files\NetGear\ProSafe Plus Utility\NsdpManager.exe" = C:\Program Files\NetGear\ProSafe Plus Utility\NsdpManager.exe:*:Enabled:NsdpManager -- ()
"C:\Program Files\NetGear\ProSafe Plus Utility\NetGearServer.exe" = C:\Program Files\NetGear\ProSafe Plus Utility\NetGearServer.exe:*:Enabled:NetGearServer -- ()
"C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe" = C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe:*:Enabled:TwonkyMedia -- (PacketVideo)
"C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe" = C:\Program Files\TwonkyMedia\TwonkyMediaServer.exe:*:Enabled:TwonkyMediaServer -- ()
"C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe" = C:\Program Files\TwonkyMedia\MediaManager\TwonkyMediaManager.exe:*:Enabled:TwonkyMediaManager -- (PacketVideo )
"C:\Program Files\Twonky\TwonkyBeam\TMSLite\tms-beam.exe" = C:\Program Files\Twonky\TwonkyBeam\TMSLite\tms-beam.exe:*:Enabled:TwonkyServerLite -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03410014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3571A4C6-E0C6-47A7-B587-845CE2A6DEB0}" = Acronis Migrate Easy
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F454B69-4619-44E9-848F-3FC49BC8D9BB}" = Palm VersaMail(tm)
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.41 .1
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{68131B0A-D78D-4aed-B74E-33A6C7324E50}" = WD Anywhere Backup
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7729C083-48C3-4A0F-9692-30673AC856DB}" = ProSafe Plus Utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7CC673E7-5271-409D-B196-BB76DA60300B}" = TwonkyMedia Windows Components
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE0FCA1-4E95-11D4-9875-00105ACE7734}" = Logitech User's Guide
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBD40476-78A4-4738-86B4-A5FB8807946D}" = NETGEAR GA311 Gigabit Adapter
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E75D6968-E023-8BD2-26A7-15B53D07EEF8}" = HCR3 Exercise v1.4
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AOL Uninstaller" = AOL Uninstaller
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"dcmsvc_is1" = dcmsvc 1.0
"DivX Setup" = DivX Setup
"DVDFab 8 Qt_is1" = DVDFab 8.1.1.2 (08/08/2011) Qt
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{7729C083-48C3-4A0F-9692-30673AC856DB}" = ProSafe Plus Utility
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DBD40476-78A4-4738-86B4-A5FB8807946D}" = NETGEAR GA311 Smart Wizard Utility
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Logitech Resource Center" = Logitech Resource Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"N360" = Norton Security Suite
"net.pixelevolution.hcr3" = HCR3 Exercise v1.4
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Photo Viewer_is1" = Photo Viewer s2.5
"Pocket Tunes" = Pocket Tunes 5.0.0
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Q903235" = Internet Explorer Q903235
"QuickLink Mobile Phonebook" = QuickLink Mobile Phonebook
"Shockwave" = Shockwave
"TwonkyBeam for Internet Explorer" = TwonkyBeam for Internet Explorer
"TwonkyManager" = TwonkyManager
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinX Blu-ray Decrypter_is1" = WinX Blu-ray Decrypter 3.0.0
"WinX DVD Author_is1" = WinX DVD Author 5.9
"WinX DVD Copy Pro_is1" = WinX DVD Copy Pro 2.2.0
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{4F454B69-4619-44E9-848F-3FC49BC8D9BB}" = Palm VersaMail(tm)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 9/23/2012 5:40:37 AM | Computer Name = DONALD-FDJSU4TP | Source = AntiSpywareService | ID = 0
Description =
Error - 9/24/2012 5:01:10 AM | Computer Name = DONALD-FDJSU4TP | Source = AntiSpywareService | ID = 0
Description =
Error - 9/24/2012 1:27:22 PM | Computer Name = DONALD-FDJSU4TP | Source = AntiSpywareService | ID = 0
Description =
Error - 9/25/2012 2:36:03 AM | Computer Name = DONALD-FDJSU4TP | Source = Microsoft Office 11 | ID = 2001
Description =
Error - 9/26/2012 11:22:59 AM | Computer Name = DONALD-FDJSU4TP | Source = AntiSpywareService | ID = 0
Description =
Error - 10/1/2012 2:35:18 PM | Computer Name = DONALD-FDJSU4TP | Source = AntiSpywareService | ID = 0
Description =
Error - 10/1/2012 2:55:39 PM | Computer Name = DONALD-FDJSU4TP | Source = AntiSpywareService | ID = 0
Description =
Error - 10/1/2012 3:22:02 PM | Computer Name = DONALD-FDJSU4TP | Source = AntiSpywareService | ID = 0
Description =
Error - 10/2/2012 12:03:42 AM | Computer Name = DONALD-FDJSU4TP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 10.0.2.4428, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/2/2012 12:04:23 AM | Computer Name = DONALD-FDJSU4TP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 10.0.2.4428, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 10/1/2012 2:33:14 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 10/1/2012 2:53:20 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 10/1/2012 2:54:07 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.
Error - 10/1/2012 2:54:07 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053
Error - 10/1/2012 2:55:22 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.
Error - 10/1/2012 2:55:39 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053
Error - 10/1/2012 3:20:23 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 10/1/2012 3:20:40 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.
Error - 10/1/2012 3:20:40 PM | Computer Name = DONALD-FDJSU4TP | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053
Error - 10/1/2012 3:22:04 PM | Computer Name = DONALD-FDJSU4TP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.
< End of report >
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 01:57:23
-----------------------------
01:57:23.171 OS Version: Windows 5.1.2600 Service Pack 3
01:57:23.171 Number of processors: 1 586 0x209
01:57:23.171 ComputerName: DONALD-FDJSU4TP UserName: Donald
01:57:24.125 Initialize success
02:01:01.906 AVAST engine defs: 12100101
02:02:09.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
02:02:09.812 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
02:02:09.828 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
02:02:09.828 Disk 1 Vendor: WDC_WD2500BB-00GUA0 08.02D08 Size: 238475MB BusType: 3
02:02:09.843 Disk 0 MBR read successfully
02:02:09.843 Disk 0 MBR scan
02:02:09.890 Disk 0 Windows XP default MBR code
02:02:09.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
02:02:09.906 Disk 0 scanning sectors +156232125
02:02:10.000 Disk 0 scanning C:\WINDOWS\system32\drivers
02:02:32.875 Service scanning
02:03:06.968 Modules scanning
02:03:25.421 Disk 0 trace - called modules:
02:03:25.421 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
02:03:25.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adfbab8]
02:03:25.437 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8add1d98]
02:03:25.890 AVAST engine scan C:\WINDOWS
02:03:53.390 AVAST engine scan C:\WINDOWS\system32
02:11:47.078 AVAST engine scan C:\WINDOWS\system32\drivers
02:13:24.265 AVAST engine scan C:\Documents and Settings\Donald
02:22:44.265 File: C:\Documents and Settings\Donald\Application Data\nmiscm.dll **INFECTED** Win32:Medfos [Trj]
02:43:57.906 AVAST engine scan C:\Documents and Settings\All Users
02:54:00.250 Scan finished successfully
10:36:56.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Donald\Desktop\MBR.dat"
10:36:56.703 The log file has been saved successfully to "C:\Documents and Settings\Donald\Desktop\aswMBR.txt"
10:38:42.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Donald\Desktop\MBR.dat"
10:38:42.796 The log file has been saved successfully to "C:\Documents and Settings\Donald\Desktop\aswMBR.txt"