First, ComboFix log. Also, I assume this is normal, but CF said it had to install a mandatory update in the middle of this process. Just FYI in case. ;)
ComboFix 11-05-30.07 - mtaylor 05/31/2011 8:15.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.466 [GMT -4:00]
Running from: c:\documents and settings\MTaylor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MTaylor\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-26 02:20 . 2011-05-26 02:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2011-05-23 19:32 . 2011-05-23 20:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar
2011-05-23 19:32 . 2011-05-23 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AIM Toolbar
2011-05-20 20:09 . 2011-05-20 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-20 20:09 . 2011-05-20 20:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-05-20 20:08 . 2011-05-20 20:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-20 17:46 . 2011-05-20 17:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-05-20 17:46 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 17:46 . 2011-05-20 17:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-20 17:46 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 17:31 . 2011-05-20 17:31 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2011-05-20 17:31 . 2011-05-20 17:31 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-05-20 17:30 . 2011-05-20 17:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-05-19 12:48 . 2011-05-19 12:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2004-08-11 23:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-11 23:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-11 23:00 1857920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-27_17.35.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-30 01:47 . 2011-05-30 15:05 210432 c:\windows\TIREMOTE\TIAgentConfig.exe
- 2008-01-30 01:47 . 2011-05-18 15:24 210432 c:\windows\TIREMOTE\TIAgentConfig.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Track-It! Workstation Manager Service Monitor"="c:\windows\TIREMOTE\TIServiceMonitor.exe" [2008-11-13 166912]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2005-10-19 20531]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SmartSoft PDF Printer Agent.lnk - c:\program files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe [2010-3-25 62864]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2005-10-04 16:42 48752 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Check Version]
2005-10-19 09:40 53299 ----a-w- c:\program files\IBM\Client Access\cwbckver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Express Welcome]
2005-10-19 09:40 20531 ----a-w- c:\program files\IBM\Client Access\cwbwlwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Help Update]
2005-10-19 09:40 28723 ----a-w- c:\program files\IBM\Client Access\cwbinhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Service]
2005-10-19 09:40 20531 ----a-w- c:\program files\IBM\Client Access\cwbsvstr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-05-31 09:33 122941 ----a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 06:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 21:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 21:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 21:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 22:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 01:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 20:07 49263 ----a-w- c:\program files\Java\jre1.5.0_10\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Track-It! Workstation Manager Service Monitor]
2008-11-13 22:24 166912 ----a-w- c:\windows\TIREMOTE\TIServiceMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2005-11-15 17:28 85744 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 13:35 20480 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"helpsvc"=2 (0x2)
"Fax"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 1:27 PM 169200]
R2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\TIREMOTE\TIRemoteService.exe [1/29/2008 9:46 PM 219136]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/12/2009 10:14 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/11/2011 4:06 PM 105592]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 12:49 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 12:49 AM 8320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-01-25 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-04-18 07:01]
.
2011-05-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 20:50]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: 0.0.4.77
Trusted Zone: microsoft.com\office
Trusted Zone: wachovia.com
TCP: DhcpNameServer = 10.10.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-05-31 08:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-31 08:23:30
ComboFix-quarantined-files.txt 2011-05-31 12:23
ComboFix2.txt 2011-05-27 17:37
.
Pre-Run: 54,272,339,968 bytes free
Post-Run: 54,257,876,992 bytes free
.
- - End Of File - - BFF200831F99C9610CFA932A7DC0D8C6
OTL logfile created on: 5/31/2011 9:12:40 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\MTaylor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 467.30 Mb Available Physical Memory | 46.08% Memory free
2.39 Gb Paging File | 2.01 Gb Available in Paging File | 84.28% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 50.56 Gb Free Space | 67.92% Space Free | Partition Type: NTFS
Drive G: | 167.19 Gb Total Space | 101.46 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Drive H: | 167.19 Gb Total Space | 101.46 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Drive U: | 167.19 Gb Total Space | 101.46 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Drive W: | 167.19 Gb Total Space | 101.46 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Drive X: | 167.19 Gb Total Space | 101.46 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Drive Y: | 167.19 Gb Total Space | 101.46 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Drive Z: | 167.19 Gb Total Space | 101.46 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Computer Name: MK08XP | User Name: mtaylor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/31 09:10:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MTaylor\Desktop\OTL.exe
PRC - [2009/04/09 19:01:38 | 000,219,136 | ---- | M] (Numara Software, Inc.) -- C:\WINDOWS\TIREMOTE\TIRemoteService.exe
PRC - [2008/11/13 18:24:36 | 000,166,912 | ---- | M] (Numara Software, Inc.) -- C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/07 07:38:36 | 000,028,717 | ---- | M] (IBM Corp) -- C:\WINDOWS\system32\nsl.exe
PRC - [2007/03/07 07:38:34 | 000,020,530 | ---- | M] (IBM Corp) -- C:\WINDOWS\system32\nslsvice.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/11/15 13:28:04 | 000,085,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/11/15 13:27:56 | 000,169,200 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2005/11/15 13:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/10/04 12:42:50 | 000,177,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/10/04 12:42:42 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/02/13 12:47:02 | 000,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
========== Modules (SafeList) ==========
MOD - [2011/05/31 09:10:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MTaylor\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/04/09 19:01:38 | 000,219,136 | ---- | M] (Numara Software, Inc.) [Auto | Running] -- C:\WINDOWS\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)
SRV - [2007/03/07 07:38:34 | 000,020,530 | ---- | M] (IBM Corp) [Auto | Running] -- C:\WINDOWS\system32\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/11/15 13:27:56 | 000,169,200 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/11/15 13:27:54 | 001,756,912 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/11/15 13:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/10/19 17:39:34 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/10/04 12:42:50 | 000,177,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/10/04 12:42:48 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/10/04 12:42:42 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/02/13 12:47:02 | 000,155,648 | ---- | M] (Dell Inc) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
========== Driver Services (SafeList) ==========
DRV - [2011/05/26 19:40:44 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110526.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/26 19:40:44 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110526.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/11 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/11 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/08/22 00:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/22 00:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2005/10/19 17:39:04 | 000,195,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/10/19 17:38:58 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/09/17 00:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/08/26 14:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 14:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/02/13 12:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/09/19 16:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL =
http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.com/
IE - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2011/05/27 13:35:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [Track-It! Workstation Manager Service Monitor] C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe (Numara Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartSoft PDF Printer Agent.lnk = C:\Program Files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\..Trusted Domains: 0.0.4.77 ([]file in Local intranet)
O15 - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\..Trusted Domains: 0.0.4.77 ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\..Trusted Domains: wachovia.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1641625249-1138248884-8547516-1132\..Trusted Ranges: Range33 ([file] in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089}
http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}
http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809}
http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}
http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD}
http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = syphrit.leighfibers.com
O18 - Protocol\Handler\schmap-help - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/06 11:07:56 | 000,072,192 | ---- | M] () - H:\Auto Expense Mileage Record.doc -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/31 09:10:06 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MTaylor\Desktop\OTL.exe
[2011/05/31 08:14:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/27 13:30:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/27 13:28:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/27 13:28:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/27 13:28:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/27 13:28:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/27 13:28:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/27 13:28:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/27 13:28:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MTaylor\Start Menu\Programs\Administrative Tools
[2011/05/27 13:23:57 | 004,108,231 | R--- | C] (Swearware) -- C:\Documents and Settings\MTaylor\Desktop\ComboFix.exe
[2011/05/20 16:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/20 16:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/20 16:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/20 13:46:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/20 13:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/20 13:46:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/20 13:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/20 09:39:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MTaylor\Recent
[2011/05/20 09:35:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MTaylor\Start Menu\Programs\Windows XP Recovery
[2011/05/19 08:48:12 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2008/02/19 10:34:42 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/05/31 09:10:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MTaylor\Desktop\OTL.exe
[2011/05/31 09:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/05/31 08:14:17 | 004,108,231 | R--- | M] (Swearware) -- C:\Documents and Settings\MTaylor\Desktop\ComboFix.exe
[2011/05/30 11:09:01 | 000,000,065 | -H-- | M] () -- C:\TrackitAudit.id
[2011/05/27 13:35:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/27 13:30:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/27 12:53:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/26 20:56:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/25 22:20:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/20 16:09:03 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/20 13:46:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/20 09:35:09 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17293092r
[2011/05/20 09:35:09 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17293092
[2011/05/20 09:35:08 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\MTaylor\Desktop\Windows XP Recovery.lnk
[2011/05/20 09:34:58 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17293092
[2011/05/20 08:19:20 | 000,001,146 | ---- | M] () -- C:\Documents and Settings\MTaylor\Desktop\mtaylor on 'summit' (V).lnk
[2011/05/19 08:48:12 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/17 15:20:12 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\MTaylor\Desktop\FedEx Tracking - FedEx Shipping - FedEx Web Site.url
[2011/05/10 15:28:13 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\MTaylor\Desktop\Salesforce.com - Customer Secure Login Page.url
[2011/05/09 15:41:44 | 000,025,223 | ---- | M] () -- C:\Documents and Settings\MTaylor\Desktop\70543-LeighCarpet-LHead-F.pdf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/05/27 13:33:04 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartSoft PDF Printer Agent.lnk
[2011/05/27 13:32:53 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/27 13:32:53 | 000,002,073 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Album Starter Edition 3.2.lnk
[2011/05/27 13:32:53 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/05/27 13:32:53 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/05/27 13:32:53 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD.lnk
[2011/05/27 13:32:53 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Elements 2.0.lnk
[2011/05/27 13:32:53 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat_com.lnk
[2011/05/27 13:32:53 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/05/27 13:32:53 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/05/27 13:30:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/27 13:30:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/27 13:28:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/27 13:28:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/27 13:28:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/27 13:28:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/27 13:28:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/27 13:01:51 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\MTaylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/27 13:01:50 | 000,002,067 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Album Starter Edition 3.2.lnk
[2011/05/27 13:01:50 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Express.lnk
[2011/05/27 13:01:50 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/27 13:01:50 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\MTaylor\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM 6.lnk
[2011/05/27 13:01:50 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/05/27 13:01:50 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lotus Notes 6.5.lnk
[2011/05/27 13:01:50 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/05/27 13:01:50 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\MTaylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/27 13:01:50 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\MTaylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/27 13:01:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\MTaylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/05/20 16:09:03 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/20 13:46:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/20 09:35:09 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293092r
[2011/05/20 09:35:09 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17293092
[2011/05/20 09:35:08 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\MTaylor\Desktop\Windows XP Recovery.lnk
[2011/05/20 09:34:58 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17293092
[2011/05/09 15:41:44 | 000,025,223 | ---- | C] () -- C:\Documents and Settings\MTaylor\Desktop\70543-LeighCarpet-LHead-F.pdf
[2009/10/09 11:04:58 | 000,126,976 | ---- | C] () -- C:\WINDOWS\cwbzip.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/10 08:46:09 | 000,000,024 | ---- | C] () -- C:\WINDOWS\mm_help.ini
[2009/03/10 08:27:26 | 000,001,651 | ---- | C] () -- C:\WINDOWS\msg_mgr.ini
[2009/03/10 08:27:26 | 000,000,275 | ---- | C] () -- C:\WINDOWS\attwktop.ini
[2008/04/01 09:29:25 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/04/01 09:17:54 | 000,142,067 | ---- | C] () -- C:\WINDOWS\hpwins05.dat
[2008/02/19 10:33:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/02/19 10:31:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll
[2008/02/19 10:31:15 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/01/29 21:46:54 | 000,094,208 | ---- | C] () -- C:\WINDOWS\TIRHService.exe
[2007/07/06 14:58:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/01/10 16:59:57 | 000,000,184 | ---- | C] () -- C:\WINDOWS\SchmapPlayer.INI
[2006/09/25 08:09:05 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/09/21 10:54:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2006/09/20 04:25:44 | 000,012,416 | ---- | C] () -- C:\WINDOWS\hpwscr05.dat
[2006/09/07 15:41:04 | 000,003,953 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat
[2006/05/18 15:20:42 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/05/18 15:20:33 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/05/18 15:20:15 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/05/18 15:20:05 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/05/18 15:19:51 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/05/18 15:18:45 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/05/18 15:17:35 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/16 09:34:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/03/13 10:00:21 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/03/10 17:55:22 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\MTaylor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/10 17:04:56 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2006/03/10 17:00:05 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\MTaylor\Local Settings\Application Data\fusioncache.dat
[2006/03/10 16:23:32 | 000,112,397 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/03/10 16:23:32 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/03/10 15:30:09 | 000,000,158 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/03/10 15:25:36 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/03/10 15:25:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
[2006/03/10 12:16:05 | 000,000,547 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/03/09 17:36:27 | 000,000,566 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/09 17:03:59 | 000,020,534 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe
[2006/03/09 17:03:53 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2006/03/09 17:03:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2006/03/09 17:03:53 | 000,020,529 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2006/03/09 17:03:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2006/03/09 17:03:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2006/03/09 17:03:53 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2006/03/09 17:03:53 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2006/03/09 17:03:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2006/03/07 16:11:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/07 16:10:55 | 000,001,765 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/07 15:55:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/03/07 15:54:56 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/04 21:54:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 000,399,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 19:00:28 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 19:00:28 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >
OTL Extras logfile created on: 5/31/2011 9:12:40 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\MTaylor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 467.30 Mb Available Physical Memory | 46.08% Memory free
2.39 Gb Paging File | 2.01 Gb Available in Paging File | 84.28% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 50.56 Gb Free Space | 67.92% Space Free | Partition Type: NTFS
Drive G: | 167.19 Gb Total Space | 101.46 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Drive H: | 167.19 Gb Total Space | 101.46 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Drive U: | 167.19 Gb Total Space | 101.46 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Drive W: | 167.19 Gb Total Space | 101.46 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Drive X: | 167.19 Gb Total Space | 101.46 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Drive Y: | 167.19 Gb Total Space | 101.46 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Drive Z: | 167.19 Gb Total Space | 101.46 Gb Free Space | 60.68% Space Free | Partition Type: NTFS
Computer Name: MK08XP | User Name: mtaylor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Avaya\Message Manager\msg_mgr.exe" = C:\Program Files\Avaya\Message Manager\msg_mgr.exe:*:Enabled:Message Manager -- (Avaya Inc.)
"C:\WINDOWS\TIREMOTE\TIRemoteService.exe" = C:\WINDOWS\TIREMOTE\TIRemoteService.exe:*:Enabled:Track-It! Workstation Manager -- (Numara Software, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Advanced Control Suite
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{138BD312-3557-40F8-BC5E-6DFF00A6880D}" = BPDSoftware_Ini
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{17E81C48-407E-499f-A105-1B49ACDB9BA4}" = ProductContext
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{41846938-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{4AE80E7B-6633-4046-9C15-D3B281C4F73D}" = BPDSoftware
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{591E7BDE-DBBF-4C32-9894-8DD1426CF060}" = Salesforce.com Lotus Notes Edition 3
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5BFE01FF-189F-4b75-8FA8-9B7CD7F9C529}" = L7500
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{65D355A5-886B-4F92-A33D-3E7201E44571}" = Lotus Notes 6.5.6
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"{6DE9751D-3FFE-400E-8761-26A92DB734DE}" = BPD_HPSU
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.10
"{73726B45-FD55-4AA8-852F-4AB3285E6CAC}" = mp
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{7729A02E-D1AD-4830-8FC5-11853500D90D}" = HP Officejet Pro All-In-One Series
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8C045626-4496-4238-B3B8-394CC6D46427}" = 7500_7600_7700_Help
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D48AD533-BAD5-469B-A9AA-272C6D80E70B}" = MPM
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"Avaya Message Manager" = Avaya Message Manager
"ClientAccessExpress" = IBM iSeries Access for Windows
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"HTML Help Workshop" = HTML Help Workshop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"Lexmark_HostCD" = Lexmark Software Uninstall
"LexmarkX500Network" = Lexmark X500 Series Network TWAIN Scan
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Numara Track-It! 8 Agent" = Numara Track-It! 8 Agent
"PROPLUS" = Microsoft Office Professional Plus 2007
"Smart PDF Converter Pro_is1" = Smart PDF Converter Pro 5.0.1.335
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"ST6UNST #1" = AutoConfiguration
"ST6UNST #2" = WMVConverter - Digital Spectrum Inc
"ST6UNST #3" = AutoConfiguration (C:\Program Files\AutoConfiguration\)
"ST6UNST #4" = AutoConfiguration (C:\Program Files\AutoConfiguration\) #3
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1641625249-1138248884-8547516-1132\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/25/2011 1:43:13 PM | Computer Name = MK08XP | Source = Application Hang | ID = 1002
Description = Hanging application nlnotes.exe, version 6.5.60.7065, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/29/2011 9:53:02 AM | Computer Name = MK08XP | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Trojan.Adclicker in File: c:\windows\system32\macromed\flash\flash10m.ocx
by: Manual scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged.
Error - 3/29/2011 9:55:41 AM | Computer Name = MK08XP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Trojan.Adclicker in File: c:\windows\system32\macromed\flash\flash10m.ocx
by: Manual scan. Action: Clean was partially successful.. Action Description:
Clean was partially successful.
Error - 4/6/2011 1:24:14 PM | Computer Name = MK08XP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/6/2011 1:32:45 PM | Computer Name = MK08XP | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/6/2011 1:46:26 PM | Computer Name = MK08XP | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 5/13/2011 3:15:34 PM | Computer Name = MK08XP | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 ois.exe, P2 12.0.6413.1000, P3 ntdll.dll,
P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Error - 5/20/2011 9:25:41 AM | Computer Name = MK08XP | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv in File: C:\WINDOWS\system32\drivers\79647.sys
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.
Error - 5/26/2011 8:57:09 PM | Computer Name = MK08XP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 5/26/2011 8:57:10 PM | Computer Name = MK08XP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
[ System Events ]
Error - 5/23/2011 8:04:35 AM | Computer Name = MK08XP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service Iap with arguments
"-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
Error - 5/25/2011 3:13:35 PM | Computer Name = MK08XP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 5/26/2011 8:01:00 PM | Computer Name = MK08XP | Source = NETLOGON | ID = 5776
Description = Failed to create/open file \system32\config\netlogon.ftl with the
following error: %%5
Error - 5/26/2011 8:57:09 PM | Computer Name = MK08XP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SYPHRIT due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.
Error - 5/26/2011 8:57:18 PM | Computer Name = MK08XP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 5/26/2011 8:57:19 PM | Computer Name = MK08XP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.
Error - 5/26/2011 8:57:25 PM | Computer Name = MK08XP | Source = Print | ID = 33
Description = The PrintQueue Container could not be found because the DNS Domain
name could not be retrieved. Error: 54b
Error - 5/26/2011 8:57:52 PM | Computer Name = MK08XP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MF11XP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BB54970D-71C6-493C-91.
The
master browser is stopping or an election is being forced.
Error - 5/26/2011 9:02:54 PM | Computer Name = MK08XP | Source = NETLOGON | ID = 5776
Description = Failed to create/open file \system32\config\netlogon.ftl with the
following error: %%5
Error - 5/27/2011 11:57:44 AM | Computer Name = MK08XP | Source = NETLOGON | ID = 5776
Description = Failed to create/open file \system32\config\netlogon.ftl with the
following error: %%5
< End of report >
Help
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
This topic is locked
attach.txt (20.94K)
Back to top
icon on your desktop.
button.
