Infected with TDSS Bing and Google redirect Need help removing
#16
Posted 07 February 2012 - 10:06 AM
1. Below is log for ESET Online Scanner.
C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\Program Files\Yontoo Layers Runtime\YontooIEClient_2.dll a variant of Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1327\A0134443.dll probably a variant of Win32/Agent.CSUPBSV trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1339\A0135257.dll a variant of Win32/Adware.Yontoo.B application
C:\Temporary\BV\Temp\MECH-IN-PROCESS\VENDORS\AHU\TRANE\HbUninst.exe probably a variant of Win32/Adware.HotBar application
#17
Posted 08 February 2012 - 03:09 AM
That log looks good!
I see a few things that we'll need to address.
Do you happen to recognize this file or the folder that contains this file?
C:\Temporary\BV\Temp\MECH-IN-PROCESS\VENDORS\AHU\TRANE\HbUninst.exe probably a variant of Win32/Adware.HotBar application
Please go to Start > Control Panel > Add/Remove Programs > Look for Yontoo Layers (if present) and click on Remove.
Then do this:
Go to your Tools menu in Firefox and go to Add-Ons.
Look for an add-on called Yontoo Layers. If present, please click Uninstall/Remove.
These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.
Quote
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1327\A0134443.dll probably a variant of Win32/Agent.CSUPBSV trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1339\A0135257.dll a variant of Win32/Adware.Yontoo.B application
===========
Malwarebytes' Anti-Malware
I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:
- Open Malwarebytes' Anti-Malware
- Select the Update tab
- Click Check for Updates
- After the update has been completed, select the Scanner tab.
- Select Perform quick scan, then click on Scan
- Leave the default options as they are and click on Start Scan
- When done, you will be prompted. Click OK, then click on Show Results
- Check (tick) all items and click on Remove Selected
- After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
NEXT:
Security Check
Download Security Check by screen317 from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
This post has been edited by SweetTech: 08 February 2012 - 03:13 AM

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
#18
Posted 10 February 2012 - 08:38 AM
1. The folder was something I copied from someone else's computer. I don't recognize the file, it can be deleted.
2. Yontoo layers not present.
3. I do not have Firefox. Currently I use either IE or Google Chrome. I can disable Yontoo layers in IE, but not uninstall.
4. I have the free version of Malwarebytes. After the scan is complete it automatically posts a log with no option to "Show Results". I was not given the option to check off or remove any items. Below is log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.10.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
gdouglas :: GARYD [administrator]
2/10/2012 8:21:46 AM
mbam-log-2012-02-10 (08-21-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 408674
Time elapsed: 7 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
5. Below is Security Check log:
Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
AccusizeSetup
Symantec Endpoint Protection
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Java 6 Update 17
Java version out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbam.exe
``````````End of Log````````````
#19
Posted 10 February 2012 - 09:39 AM
So that's good that no threats were found.
Your version of Internet Explorer is outdated.
- Please download IE 8 from http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-8.
- Save it to your desktop.
- Double click on the file on your desktop to start the installation process.
- Reboot
NEXT:
Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Microsoft: ‘Unprecedented Wave of Java Exploitation’
- Drive-by Trojan preying on out-of-date Java installations
- Ghosts of Java Haunt Users
Please follow these steps to remove older version Java components and update:
- Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
- Look for "Java Platform, Standard Edition".
- Click the "Download JRE" button to the right.
- Read the License Agreement, and then check the box that says: "Accept License Agreement".
- From the list, select your OS and Platform:
- 32-bit Select: Windows x86 Offline.
- 64-bit Select: Windows x64.
- If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
- Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-7u2-windows-i586-s.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
- If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
- When the Java Setup - Welcome window opens, click the Install > button.
- If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
- The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
- Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
- Click Ok and reboot your computer.
NEXT
OTL Fix
We need to run an OTL Fix
Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix as it may interfere with the successful execution of the script below.
- Please reopen OTL on your desktop.
- Copy and Paste the following code into the textbox.
:Services
:Processes
:OTL
:Reg
:Files
:Commands
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]
- Push
- OTL may ask to reboot the machine. Please do so if asked.
- Click the OK button.
- A report will open. Copy and Paste that report in your next reply.
- If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
NEXT:
OTL Custom Scan
We need to run an OTL Custom Scan
- Please reopen OTL on your desktop.
- Copy and Paste the following code into the textbox.
CREATERESTOREPOINT
msconfig
safebootminimal
activex
drivers32
netsvcs
"%WinDir%\$NtUninstallKB*$."
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
- Push the Quick Scan button.
- A report will open. Copy and Paste that report in your next reply.
NEXT:
What outstanding issues (if any) are you still experiencing with your computer?

#20
Posted 15 February 2012 - 01:05 PM
1. I am not using IE anymore, strictly Google Chrome. I don't see a need for updating it. If I could disable IE would disabling Chrome I would.
2. Java has been removed and updated to latest version.
3. Below is log for OTL fix:
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Administrator.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: administrator.BV
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: asuchta
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: asuchta.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: BV User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: dblake
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: dblake.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: dburcham
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: gdouglas
->Temp folder emptied: 50317636 bytes
->Temporary Internet Files folder emptied: 77409799 bytes
->Java cache emptied: 591 bytes
->Google Chrome cache emptied: 399114952 bytes
->Flash cache emptied: 18323 bytes
User: jvaughan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: jvaughan.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: user1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: User1.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9144699 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 17488830 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 528.00 mb
[EMPTYFLASH]
User: Administrator
User: Administrator.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
User: administrator.BV
User: All Users
User: asuchta
->Flash cache emptied: 0 bytes
User: asuchta.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
User: BV User
->Flash cache emptied: 0 bytes
User: dblake
->Flash cache emptied: 0 bytes
User: dblake.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
User: dburcham
->Flash cache emptied: 0 bytes
User: Default User
User: gdouglas
->Flash cache emptied: 0 bytes
User: jvaughan
User: jvaughan.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: user1
->Flash cache emptied: 0 bytes
User: User1.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: Administrator
User: Administrator.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
User: administrator.BV
User: All Users
User: asuchta
->Java cache emptied: 0 bytes
User: asuchta.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
User: BV User
User: dblake
User: dblake.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
User: dburcham
User: Default User
User: gdouglas
->Java cache emptied: 0 bytes
User: jvaughan
User: jvaughan.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: user1
User: User1.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 02152012_124344
Files\Folders moved on Reboot...
C:\Documents and Settings\gdouglas\Local Settings\Temp\ExchangePerflog_8484fa31dd3425cbf59f10c8.dat moved successfully.
C:\Documents and Settings\gdouglas\Local Settings\Temporary Internet Files\Content.Word\~WRS{A6DF9FC1-59CD-49EE-A691-CE64C47B04E5}.tmp moved successfully.
Registry entries deleted on Reboot...
4. Below is log for OTL custom scan:
OTL logfile created on: 2/15/2012 12:50:01 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\gdouglas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.55% Memory free
3.85 Gb Paging File | 3.23 Gb Available in Paging File | 83.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 159.21 Gb Free Space | 68.40% Space Free | Partition Type: NTFS
Drive D: | 242.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive P: | 1034.67 Gb Total Space | 867.66 Gb Free Space | 83.86% Space Free | Partition Type: NTFS
Drive W: | 1034.67 Gb Total Space | 867.66 Gb Free Space | 83.86% Space Free | Partition Type: NTFS
Drive Y: | 1034.67 Gb Total Space | 867.66 Gb Free Space | 83.86% Space Free | Partition Type: NTFS
Drive Z: | 1034.67 Gb Total Space | 867.66 Gb Free Space | 83.86% Space Free | Partition Type: NTFS
Computer Name: GARYD | User Name: gdouglas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/02/15 12:36:41 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/01/27 12:34:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gdouglas\Desktop\OTL.exe
PRC - [2012/01/27 03:49:32 | 001,048,560 | ---- | M] (Google Inc.) -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/05/12 22:12:36 | 002,440,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/05/12 20:55:30 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/05/12 20:55:28 | 001,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/03/17 00:25:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/03/17 00:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/26 20:03:46 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/06/20 15:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/21 17:16:02 | 000,724,992 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
========== Modules (No Company Name) ==========
MOD - [2012/01/27 03:49:31 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\ppgooglenaclpluginchrome.dll
MOD - [2012/01/27 03:49:29 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\pdf.dll
MOD - [2012/01/27 03:48:06 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\avutil-51.dll
MOD - [2012/01/27 03:48:05 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\avformat-53.dll
MOD - [2012/01/27 03:48:03 | 001,746,944 | ---- | M] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\avcodec-53.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/02/15 12:36:41 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/12/30 12:31:48 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/12 22:12:36 | 002,440,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/05/12 20:55:28 | 001,803,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/03/20 18:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/03/17 00:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/03/17 00:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/02/01 21:43:02 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/28 07:40:37 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/07/26 20:03:46 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/06/20 15:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
========== Driver Services (SafeList) ==========
DRV - [2012/02/05 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/05 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 06:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120214.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/18 06:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120214.007\NAVENG.SYS -- (NAVENG)
DRV - [2011/06/21 17:46:10 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/06/12 20:45:15 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/05/12 20:58:06 | 000,091,976 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/05/12 20:56:32 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/03/04 13:07:52 | 000,319,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/03/04 13:07:52 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/03/04 13:07:52 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/11/18 17:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/14 11:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/09/09 13:54:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/21 10:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 10:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/09/11 20:23:54 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/09/11 19:58:28 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/06/20 15:30:20 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080118
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.4_0\
CHR - Extension: Google Search = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AdBlock = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.17_0\
CHR - Extension: Gmail = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/01/28 09:17:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient_2.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230034079881 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230033763904 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BlakeVaughan.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C42441BC-202C-447A-9C53-CA2F9084FD5E}: NameServer = 192.168.1.5
O18 - Protocol\Handler\asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\ezstor {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-cnote {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\WowCtl2.dll (EzTools Software)
O18 - Protocol\Handler\x-zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/28 04:14:54 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012/02/15 10:43:07 | 000,000,000 | ---D | M] - W:\AutoSave -- [ NTFS ]
O32 - AutoRun File - [2011/04/28 14:16:33 | 000,000,000 | ---D | M] - Z:\autocad 2010 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
MsConfig - StartUpReg: ECenter - hkey= - key= - C:\dell\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {276B13EC-63FC-1659-C1CF-1F86509C43BB} - DirectX
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {435F0015-EF44-DE33-C2D9-FBB3E1374E5B} - Java (Sun)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4D9CAF39-0F8D-C0ED-8AE2-130392E13336} - Java (Sun)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
========== Files/Folders - Created Within 30 Days ==========
[2012/02/15 12:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\Sun
[2012/02/15 12:43:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/15 12:42:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\gdouglas\Desktop\OTL.exe
[2012/02/15 12:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/15 12:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/02/13 08:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/02/07 07:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/03 07:57:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/29 13:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gdouglas\My Documents\Downloads
[2012/01/28 14:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gdouglas\Start Menu\Programs\Google Chrome
[2012/01/28 09:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Temp
[2012/01/24 07:30:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/23 11:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ricoh
[2012/01/23 10:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2012/01/23 10:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{A0559A84-0A11-425F-BFFC-532378694B25}
[2010/07/19 08:04:10 | 000,161,344 | ---- | C] (Altiris) -- C:\Program Files\UNWISE.EXE
[2010/07/19 08:03:58 | 000,122,880 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\unpack200.exe
[2010/07/19 08:03:52 | 001,498,112 | ---- | C] (U.S. Department of Energy/Pacific Northwest National Laboratory) -- C:\Program Files\checkEng.DLL
[2010/07/19 08:03:52 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2010/07/19 08:03:52 | 000,024,576 | ---- | C] (KeyWorks Software) -- C:\Program Files\keyHH.exe
[2010/06/07 12:43:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
========== Files - Modified Within 30 Days ==========
[2012/02/15 12:50:32 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A78FC571-7084-4D83-9EB8-98CDC3125C53}.job
[2012/02/15 12:46:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/15 12:46:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/15 12:45:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/15 12:44:52 | 2144,980,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/15 12:15:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-179842681-2008273749-2489577197-1143UA.job
[2012/02/15 12:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/15 08:15:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-179842681-2008273749-2489577197-1143Core.job
[2012/02/15 07:57:03 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/14 18:33:25 | 000,445,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/14 18:33:25 | 000,073,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/14 18:29:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/12 20:50:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\defrag.job
[2012/02/07 16:42:24 | 000,000,463 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to scans on 192.168.1.5.lnk
[2012/02/07 16:21:13 | 000,068,390 | ---- | M] () -- C:\acadminidump.dmp
[2012/02/06 18:54:48 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\gdouglas\My Documents\acad.err
[2012/02/06 08:47:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/03 09:11:11 | 000,002,933 | ---- | M] () -- C:\WINDOWS\TOPSS.ini
[2012/02/03 09:11:11 | 000,000,083 | ---- | M] () -- C:\WINDOWS\subrules.ini
[2012/02/03 09:11:11 | 000,000,021 | ---- | M] () -- C:\WINDOWS\odbcddp.ini
[2012/02/03 09:11:11 | 000,000,008 | ---- | M] () -- C:\WINDOWS\dcrudll.ini
[2012/01/29 10:42:54 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2012/01/28 14:05:57 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/28 09:17:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/27 16:11:40 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Accusize.lnk
[2012/01/27 13:45:16 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\COMcheck 3.8.0 .lnk
[2012/01/27 13:44:55 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\AutoCAD 2010 - English.lnk
[2012/01/27 13:44:41 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Hydrant Flow Test.lnk
[2012/01/27 13:44:28 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\PoolPak Selection.lnk
[2012/01/27 12:34:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gdouglas\Desktop\OTL.exe
[2012/01/23 18:55:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\gdouglas\defogger_reenable
[2012/01/19 14:43:31 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/01/18 13:56:27 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ==========
[2012/02/14 16:04:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 16:04:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/06 18:54:48 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\gdouglas\My Documents\acad.err
[2012/02/06 18:54:43 | 000,068,390 | ---- | C] () -- C:\acadminidump.dmp
[2012/02/06 08:47:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/28 14:05:57 | 000,002,287 | ---- | C] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/28 14:05:33 | 000,000,990 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-179842681-2008273749-2489577197-1143UA.job
[2012/01/28 14:05:33 | 000,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-179842681-2008273749-2489577197-1143Core.job
[2012/01/28 10:27:38 | 000,000,463 | ---- | C] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to scans on 192.168.1.5.lnk
[2012/01/27 16:11:51 | 000,001,657 | R--- | C] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Buzzsaw 2008.lnk
[2012/01/27 16:11:40 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Accusize.lnk
[2012/01/27 13:45:16 | 000,000,573 | ---- | C] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\COMcheck 3.8.0 .lnk
[2012/01/27 13:44:55 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\AutoCAD 2010 - English.lnk
[2012/01/27 13:44:41 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Hydrant Flow Test.lnk
[2012/01/27 13:44:28 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\PoolPak Selection.lnk
[2012/01/23 18:55:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\gdouglas\defogger_reenable
[2012/01/16 12:16:32 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/16 10:30:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/16 10:30:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/16 10:30:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/16 10:30:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/16 10:30:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/14 10:58:23 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\WEBDIAL.EXE
[2011/01/20 15:12:35 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010/07/27 15:33:09 | 001,058,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/19 08:03:58 | 000,000,223 | ---- | C] () -- C:\Program Files\unpackJars.bat
[2010/07/19 08:03:52 | 005,918,124 | ---- | C] () -- C:\Program Files\COMcheck.jar
[2010/07/19 08:03:52 | 004,565,469 | ---- | C] () -- C:\Program Files\cities.dat
[2010/07/19 08:03:52 | 000,633,516 | ---- | C] () -- C:\Program Files\counties.dat
[2010/07/19 08:03:52 | 000,274,944 | ---- | C] () -- C:\Program Files\COMcheck.exe
[2010/07/19 08:03:52 | 000,022,931 | ---- | C] () -- C:\Program Files\splash.gif
[2010/07/19 08:03:52 | 000,022,721 | ---- | C] () -- C:\Program Files\example99.cck
[2010/07/19 08:03:52 | 000,015,663 | ---- | C] () -- C:\Program Files\example.cck
[2010/07/19 08:03:52 | 000,000,299 | ---- | C] () -- C:\Program Files\defaults.dat
[2010/07/19 08:03:52 | 000,000,111 | ---- | C] () -- C:\Program Files\Start_COMcheck_CL_Log.bat
[2010/07/19 08:03:52 | 000,000,074 | ---- | C] () -- C:\Program Files\Start_COMcheck_CL.bat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/07 10:20:38 | 000,323,697 | ---- | C] () -- C:\WINDOWS\System32\airxwhl.dll
[2009/07/07 10:18:28 | 001,158,601 | ---- | C] () -- C:\WINDOWS\System32\refprop.dll
[2009/07/07 10:18:28 | 000,729,088 | ---- | C] () -- C:\WINDOWS\System32\r3a.dll
[2009/07/07 10:18:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\jdde.dll
[2009/07/07 10:18:20 | 000,000,401 | ---- | C] () -- C:\WINDOWS\System32\sdm39.ini
[2009/07/07 09:54:56 | 000,004,497 | ---- | C] () -- C:\WINDOWS\spcfg1.ini
[2009/07/07 09:54:17 | 000,002,275 | ---- | C] () -- C:\WINDOWS\System32\FSDM.INI
[2009/07/07 09:54:15 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ECATENB2.DLL
[2009/07/07 09:54:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ECATEN33.DLL
[2009/07/07 09:54:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ECATEN32.DLL
[2009/06/24 12:52:48 | 000,000,848 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\amprm.dat
[2009/06/24 12:52:48 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\awmsg.dat
[2009/06/24 12:52:48 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amguid.dat
[2009/06/24 12:52:48 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\winam.dat
[2009/05/21 08:58:32 | 000,062,208 | ---- | C] () -- C:\WINDOWS\System32\SCP150A.DLL
[2009/05/21 08:58:32 | 000,024,065 | ---- | C] () -- C:\WINDOWS\System32\SCP150.DLL
[2008/09/16 15:02:08 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/04 07:45:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ESDErr1.dll
[2008/09/02 14:31:30 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2008/09/02 12:18:33 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\fusioncache.dat
[2008/09/02 12:07:14 | 000,000,083 | ---- | C] () -- C:\WINDOWS\subrules.ini
[2008/09/02 12:07:13 | 000,002,933 | ---- | C] () -- C:\WINDOWS\TOPSS.ini
[2008/09/02 12:07:13 | 000,000,021 | ---- | C] () -- C:\WINDOWS\odbcddp.ini
[2008/09/02 12:07:13 | 000,000,008 | ---- | C] () -- C:\WINDOWS\dcrudll.ini
[2008/09/02 12:05:37 | 000,254,464 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt2x.dll
[2008/09/02 12:05:37 | 000,169,567 | ---- | C] () -- C:\WINDOWS\System32\LJWing.dll
[2008/09/02 12:05:37 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\TgfWriterX2.dll
[2008/09/02 12:05:37 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\TgfWriter.dll
[2008/09/02 12:05:36 | 000,410,624 | ---- | C] () -- C:\WINDOWS\System32\dforrt.dll
[2008/09/02 12:05:36 | 000,251,904 | ---- | C] () -- C:\WINDOWS\System32\orant71.dll
[2008/09/02 12:05:36 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\Ivinfo.exe
[2008/09/02 12:05:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\ivtrn12.dll
[2008/09/02 12:05:36 | 000,005,792 | ---- | C] () -- C:\WINDOWS\System32\odbc16ut.dll
[2008/09/02 12:05:35 | 000,775,168 | ---- | C] () -- C:\WINDOWS\System32\corent23.dll
[2008/09/02 12:05:34 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008/09/02 12:05:25 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\rcbuild.dll
[2008/09/02 12:05:24 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\PipelineX2.dll
[2008/09/02 12:05:24 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\PipelineX.dll
[2008/02/21 11:57:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/02/21 11:56:05 | 000,002,095 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/21 11:37:46 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/02/14 14:48:47 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2008/02/14 14:48:47 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2008/01/18 18:04:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/18 17:44:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/01/18 17:43:15 | 000,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:28 | 000,445,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:28 | 000,073,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
========== LOP Check ==========
[2009/10/20 11:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AM
[2011/12/30 12:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/01/20 16:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CAPS
[2008/09/18 09:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2012/01/23 11:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ricoh
[2011/04/14 06:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wrightsoft HVAC
[2012/01/23 10:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A0559A84-0A11-425F-BFFC-532378694B25}
[2011/06/06 15:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2011/12/30 12:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gdouglas\Application Data\Autodesk
[2010/07/19 08:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gdouglas\Application Data\COMcheck
[2008/09/02 14:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gdouglas\Application Data\deskPDF
[2008/08/28 07:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gdouglas\Application Data\Downloaded Installations
[2009/11/11 09:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gdouglas\Application Data\FileOpen
[2011/10/26 12:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gdouglas\Application Data\FileZilla
[2011/06/09 09:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gdouglas\Application Data\Igneus
[2009/09/17 16:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gdouglas\Application Data\MailWasherFree
[2009/03/09 10:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gdouglas\Application Data\ProjectPoint-2008
[2011/03/22 13:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gdouglas\Application Data\Softland
[2012/02/12 20:50:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\defrag.job
[2012/02/15 12:50:32 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A78FC571-7084-4D83-9EB8-98CDC3125C53}.job
========== Purity Check ==========
========== Custom Scans ==========
< "%WinDir%\$NtUninstallKB*$." >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/27 03:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/27 03:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/27 03:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/27 03:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/27 03:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/16 06:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/27 03:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/27 03:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/27 03:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/27 03:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/27 03:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/16 06:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation)
< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-14 23:33:35
< End of report >
5. Computer seems to be ok, there are no outstanding issues that I am aware of.
#21
Posted 16 February 2012 - 02:33 AM
Quote
Did you set this proxy in Internet Explorer?
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80
VirusTotal File Scan
Please go to: VirusTotal
- Click the Choose File button and search for the following file: C:\Documents and Settings\All Users\Application Data\amprm.dat
- Click Open
- Then click Send File

If it says already scanned -- click "reanalyze now"
- Please be patient while the file is scanned.
- Once the scan results appear, please click on the Compact button.
- A new window should appear with a bunch of tabs at the top. Please click on the BBCode tab.
- Copy and Paste the contents of the text in the BBCode into your next reply for me to review.
Please repeat the above process for the following files below:
C:\Documents and Settings\All Users\Application Data\awmsg.dat
C:\Documents and Settings\All Users\Application Data\amguid.dat
C:\Documents and Settings\All Users\Application Data\winam.dat
C:\WINDOWS\System32\SCP150A.DLL
C:\WINDOWS\System32\SCP150.DLL
Please post the results in your next reply
NEXT:
OTL Fix
We need to run an OTL Fix
Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below.
- Please reopen OTL on your desktop.
- Copy and Paste the following code into the textbox.
:Services
:Processes
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
:Reg
:Files
dir /s /a "C:\Documents and Settings\All Users\Application Data\{A0559A84-0A11-425F-BFFC-532378694B25}" /c
:Commands
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]
- Push
- OTL may ask to reboot the machine. Please do so if asked.
- Click the OK button.
- A report will open. Copy and Paste that report in your next reply.
- If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
#22
Posted 24 February 2012 - 09:22 AM

#23
Posted 25 February 2012 - 08:26 AM

#24
Posted 26 February 2012 - 09:25 AM
1. After file is scanned I am not seeing the "compact" button you are referring to.
2. See below for OTL Fix log:
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== REGISTRY ==========
========== FILES ==========
< dir /s /a "C:\Documents and Settings\All Users\Application Data\{A0559A84-0A11-425F-BFFC-532378694B25}" /c >
Volume in drive C has no label.
Volume Serial Number is 3437-42F2
Directory of C:\Documents and Settings\All Users\Application Data\{A0559A84-0A11-425F-BFFC-532378694B25}
01/23/2012 10:04 AM <DIR> .
01/23/2012 10:04 AM <DIR> ..
01/23/2012 10:04 AM 3,584 1033.MST
01/23/2012 10:04 AM 19,041,280 default.msi
2 File(s) 19,044,864 bytes
Total Files Listed:
2 File(s) 19,044,864 bytes
2 Dir(s) 168,734,978,048 bytes free
C:\Documents and Settings\gdouglas\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\gdouglas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Administrator.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: administrator.BV
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: asuchta
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: asuchta.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: BV User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: dblake
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: dblake.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: dburcham
->Temp folder emptied: 382381 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: gdouglas
->Temp folder emptied: 123256148 bytes
->Temporary Internet Files folder emptied: 1954822 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 394109930 bytes
->Flash cache emptied: 34135 bytes
User: jvaughan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: jvaughan.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: user1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: User1.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7581 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 100898809 bytes
Total Files Cleaned = 592.00 mb
[EMPTYFLASH]
User: Administrator
User: Administrator.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
User: administrator.BV
User: All Users
User: asuchta
->Flash cache emptied: 0 bytes
User: asuchta.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
User: BV User
->Flash cache emptied: 0 bytes
User: dblake
->Flash cache emptied: 0 bytes
User: dblake.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
User: dburcham
->Flash cache emptied: 0 bytes
User: Default User
User: gdouglas
->Flash cache emptied: 0 bytes
User: jvaughan
User: jvaughan.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: user1
->Flash cache emptied: 0 bytes
User: User1.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: Administrator
User: Administrator.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
User: administrator.BV
User: All Users
User: asuchta
->Java cache emptied: 0 bytes
User: asuchta.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
User: BV User
User: dblake
User: dblake.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
User: dburcham
User: Default User
User: gdouglas
->Java cache emptied: 0 bytes
User: jvaughan
User: jvaughan.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: user1
User: User1.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 02262012_091546
Files\Folders moved on Reboot...
C:\Documents and Settings\gdouglas\Local Settings\Temp\ExchangePerflog_8484fa31dd3425cbf59f10c8.dat moved successfully.
File\Folder C:\Documents and Settings\gdouglas\Local Settings\Temporary Internet Files\Content.Word\~WRS{6DFE3F32-E96C-40BC-A0C7-36A119473131}.tmp not found!
File\Folder C:\Documents and Settings\gdouglas\Local Settings\Temporary Internet Files\Content.Word\~WRS{8A1F2A35-4812-4231-B8CD-D9BFDEDEDF7B}.tmp not found!
Registry entries deleted on Reboot...
#25
Posted 27 February 2012 - 03:06 AM
Quote
Could you please provide me with the link that's in your address bar after the scan completes on that file.

#26
Posted 27 February 2012 - 07:56 AM
#27
Posted 27 February 2012 - 08:20 AM
C:\Documents and Settings\All Users\Application Data\awmsg.dat
C:\Documents and Settings\All Users\Application Data\amguid.dat
C:\Documents and Settings\All Users\Application Data\winam.dat
C:\WINDOWS\System32\SCP150A.DLL
C:\WINDOWS\System32\SCP150.DLL

#28
Posted 29 February 2012 - 09:29 AM
Below is analysis.
1. AWMSG.dat
https://www.virustotal.com/file/d55f126e233e3074b61f20b93c26a93022214d1e2bbe26845f6e26a6261448a0/analysis/1330525480/
Detection 0/43
2. AMGUID.dat
https://www.virustotal.com/file/c92afce68aee110bbe990e1061c27ffe0dcba54256d8713f4a2604ffe80cd0f9/analysis/1330525335/
Detection 0/43
3. WINAM.dat
https://www.virustotal.com/file/88c4a198b1fb09b922b8f2bb2ab1038c106ecac87547fa7d2681bc49a251cbf1/analysis/1330525101/
Detection 0/43
4. SCP150A.dll:
https://www.virustotal.com/file/09f433bd970d9a826f7fea1a4f59e12972b9ef86895ff2232f8b58ea60ba37fe/analysis/1330524849/
Detection 0/43
5. SCP150.dll:
https://www.virustotal.com/file/ada38865ecbb11623ac29dfa8b7e6881216908a1aaefa765c9122d7aab91f019/analysis/1330524288/
Detection 1/43 AntiVir: TR/Spy.Gen
#29
Posted 01 March 2012 - 02:31 AM
Apologies for the delay, I had some things come up the last couple of days, and I'm just now getting around to responding to my users.
Thanks for uploading those files for me. I'm going to remove both of those files; there doesn't seem to be a lot of information out there about them.
OTL Fix
We need to run an OTL Fix
Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.
- Please reopen OTL on your desktop.
- Copy and Paste the following code into the textbox.
:Services
:Processes
KILLALLPROCESSES
:OTL
:Reg
:Files
C:\WINDOWS\System32\SCP150A.DLL
C:\WINDOWS\System32\SCP150.DLL
ipconfig /flushdns /c
:Commands
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]
- Push
- OTL may ask to reboot the machine. Please do so if asked.
- Click the OK button.
- A report will open. Copy and Paste that report in your next reply.
- If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
NEXT:
Re-Running OTL
We need to create a New FULL OTL Report
- Please download OTL from here if you have not done so already:
- Save it to your desktop.
- Double click on the OTL icon on your desktop.
- Click the "Scan All Users" checkbox.
- Change the "Extra Registry" option to "SafeList"
- In the box Copy & Paste the following:
msconfig
safebootminimal
activex
drivers32
netsvcs
"%WinDir%\$NtUninstallKB*$." /30
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
atapi.sys
explorer.exe
winlogon.exe
wininit.exe
tdx.sys
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
- Push the button.
- Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized
NEXT:
Are you experiencing any outstanding issues with your computer?

#30
Posted 02 March 2012 - 05:46 PM
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\System32\SCP150A.DLL moved successfully.
C:\WINDOWS\System32\SCP150.DLL moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\gdouglas\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\gdouglas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Administrator.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: administrator.BV
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: asuchta
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: asuchta.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: BV User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: dblake
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: dblake.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: dburcham
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: gdouglas
->Temp folder emptied: 34070242 bytes
->Temporary Internet Files folder emptied: 1092645 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 423099560 bytes
->Flash cache emptied: 21828 bytes
User: jvaughan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: jvaughan.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: user1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: User1.BLAKEVAUGHAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5411 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 437.00 mb
[EMPTYFLASH]
User: Administrator
User: Administrator.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
User: administrator.BV
User: All Users
User: asuchta
->Flash cache emptied: 0 bytes
User: asuchta.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
User: BV User
->Flash cache emptied: 0 bytes
User: dblake
->Flash cache emptied: 0 bytes
User: dblake.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
User: dburcham
->Flash cache emptied: 0 bytes
User: Default User
User: gdouglas
->Flash cache emptied: 0 bytes
User: jvaughan
User: jvaughan.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: user1
->Flash cache emptied: 0 bytes
User: User1.BLAKEVAUGHAN
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: Administrator
User: Administrator.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
User: administrator.BV
User: All Users
User: asuchta
->Java cache emptied: 0 bytes
User: asuchta.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
User: BV User
User: dblake
User: dblake.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
User: dburcham
User: Default User
User: gdouglas
->Java cache emptied: 0 bytes
User: jvaughan
User: jvaughan.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: user1
User: User1.BLAKEVAUGHAN
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 03022012_172738
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
2. OTL Report:
OTL logfile created on: 3/2/2012 5:35:58 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\gdouglas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.70% Memory free
3.85 Gb Paging File | 3.32 Gb Available in Paging File | 86.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 157.30 Gb Free Space | 67.58% Space Free | Partition Type: NTFS
Drive D: | 242.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive P: | 1034.67 Gb Total Space | 865.91 Gb Free Space | 83.69% Space Free | Partition Type: NTFS
Drive W: | 1034.67 Gb Total Space | 865.91 Gb Free Space | 83.69% Space Free | Partition Type: NTFS
Drive Y: | 1034.67 Gb Total Space | 865.91 Gb Free Space | 83.69% Space Free | Partition Type: NTFS
Drive Z: | 1034.67 Gb Total Space | 865.91 Gb Free Space | 83.69% Space Free | Partition Type: NTFS
Computer Name: GARYD | User Name: gdouglas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/02/15 12:36:41 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/01/27 12:34:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gdouglas\Desktop\OTL.exe
PRC - [2009/05/12 22:12:36 | 002,440,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/05/12 20:55:30 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/05/12 20:55:28 | 001,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/03/17 00:25:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/03/17 00:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/10/15 01:03:55 | 000,045,936 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/26 20:03:46 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/06/20 15:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/21 17:16:02 | 000,724,992 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2006/07/07 13:25:28 | 000,159,744 | ---- | M] () -- C:\Program Files\AMSys\swsys.exe
========== Modules (No Company Name) ==========
MOD - [2012/02/15 00:03:36 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll
MOD - [2012/02/15 00:03:34 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012/02/15 00:02:10 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012/02/15 00:02:08 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012/02/15 00:02:07 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2006/07/07 13:24:38 | 000,053,248 | ---- | M] () -- C:\Program Files\AMSys\swkbhk.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/02/15 12:36:41 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/12/30 12:31:48 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/12 22:12:36 | 002,440,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/05/12 20:55:28 | 001,803,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/03/20 18:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/03/17 00:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/03/17 00:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/02/01 21:43:02 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/28 07:40:37 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/07/26 20:03:46 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/06/20 15:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
========== Driver Services (SafeList) ==========
DRV - [2012/02/05 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/05 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 06:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120301.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/18 06:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120301.018\NAVENG.SYS -- (NAVENG)
DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/06/12 20:45:15 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/05/12 20:58:06 | 000,091,976 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/05/12 20:56:32 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/03/04 13:07:52 | 000,319,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/03/04 13:07:52 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/03/04 13:07:52 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/11/18 17:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/14 11:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/09/09 13:54:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/21 10:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 10:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/09/11 20:23:54 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/09/11 19:58:28 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/06/20 15:30:20 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080118
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080118
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080118
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
IE - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AdBlock = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/01/28 09:17:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient_2.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Speed Launch] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SWClient] C:\Program Files\AMSys\swsys.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-179842681-2008273749-2489577197-1143\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230034079881 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230033763904 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BlakeVaughan.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C42441BC-202C-447A-9C53-CA2F9084FD5E}: NameServer = 192.168.1.5
O18 - Protocol\Handler\asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\ezstor {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-cnote {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\WowCtl2.dll (EzTools Software)
O18 - Protocol\Handler\x-zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (EzTools Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/28 04:14:54 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012/03/01 20:55:18 | 000,000,000 | ---D | M] - W:\AutoSave -- [ NTFS ]
O32 - AutoRun File - [2011/04/28 14:16:33 | 000,000,000 | ---D | M] - Z:\autocad 2010 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
MsConfig - StartUpReg: ECenter - hkey= - key= - C:\dell\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {276B13EC-63FC-1659-C1CF-1F86509C43BB} - DirectX
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {435F0015-EF44-DE33-C2D9-FBB3E1374E5B} - Java (Sun)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4D9CAF39-0F8D-C0ED-8AE2-130392E13336} - Java (Sun)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
========== Files/Folders - Created Within 30 Days ==========
[2012/03/02 17:26:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\gdouglas\Desktop\OTL.exe
[2012/02/24 13:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\AMSys
[2012/02/23 10:31:07 | 000,000,000 | ---D | C] -- C:\TEMP
[2012/02/21 18:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CAPS
[2012/02/15 12:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\Sun
[2012/02/15 12:43:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/15 12:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/15 12:36:59 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/02/15 12:36:59 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/02/15 12:36:59 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/02/15 12:36:59 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/02/15 12:36:59 | 000,141,312 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/02/15 12:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/02/13 08:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/02/13 08:21:49 | 000,567,696 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/02/07 07:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/03 07:57:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/19 08:04:10 | 000,161,344 | ---- | C] (Altiris) -- C:\Program Files\UNWISE.EXE
[2010/07/19 08:03:58 | 000,122,880 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\unpack200.exe
[2010/07/19 08:03:52 | 001,498,112 | ---- | C] (U.S. Department of Energy/Pacific Northwest National Laboratory) -- C:\Program Files\checkEng.DLL
[2010/07/19 08:03:52 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2010/07/19 08:03:52 | 000,024,576 | ---- | C] (KeyWorks Software) -- C:\Program Files\keyHH.exe
[2010/06/07 12:43:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
========== Files - Modified Within 30 Days ==========
[2012/03/02 17:35:20 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A78FC571-7084-4D83-9EB8-98CDC3125C53}.job
[2012/03/02 17:31:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/02 17:31:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/02 17:30:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/02 17:30:36 | 2144,980,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/02 17:15:04 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-179842681-2008273749-2489577197-1143UA.job
[2012/03/02 17:15:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/02 17:05:51 | 000,000,848 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\amprm.dat
[2012/03/02 09:22:32 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/03/02 08:15:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-179842681-2008273749-2489577197-1143Core.job
[2012/03/01 13:55:13 | 000,151,088 | ---- | M] () -- C:\yvonne-strahovski-march-maxim-australia-06-435x580.jpg
[2012/03/01 11:39:37 | 000,131,136 | ---- | M] () -- C:\Productimage_Classic36k.jpg
[2012/03/01 08:08:46 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/02/26 20:50:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\defrag.job
[2012/02/24 13:44:40 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\winam.dat
[2012/02/22 16:30:10 | 000,684,979 | ---- | M] () -- C:\Drawing2.dwg
[2012/02/22 11:43:15 | 000,009,790 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/02/22 09:36:43 | 000,001,635 | ---- | M] () -- C:\rf.jpg
[2012/02/22 09:28:17 | 000,507,056 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/22 09:28:17 | 000,089,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/15 12:36:41 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/02/15 12:36:41 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/02/15 12:36:40 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/02/15 12:36:40 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/02/15 12:36:40 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/02/15 12:36:40 | 000,141,312 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/02/15 07:57:03 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/14 18:29:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/07 16:42:24 | 000,000,463 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to scans on 192.168.1.5.lnk
[2012/02/07 16:21:13 | 000,068,390 | ---- | M] () -- C:\acadminidump.dmp
[2012/02/06 18:54:48 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\gdouglas\My Documents\acad.err
[2012/02/06 08:47:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/03 09:11:11 | 000,002,933 | ---- | M] () -- C:\WINDOWS\TOPSS.ini
[2012/02/03 09:11:11 | 000,000,083 | ---- | M] () -- C:\WINDOWS\subrules.ini
[2012/02/03 09:11:11 | 000,000,021 | ---- | M] () -- C:\WINDOWS\odbcddp.ini
[2012/02/03 09:11:11 | 000,000,008 | ---- | M] () -- C:\WINDOWS\dcrudll.ini
========== Files Created - No Company Name ==========
[2012/03/01 13:55:15 | 000,151,088 | ---- | C] () -- C:\yvonne-strahovski-march-maxim-australia-06-435x580.jpg
[2012/03/01 11:39:45 | 000,131,136 | ---- | C] () -- C:\Productimage_Classic36k.jpg
[2012/02/22 16:30:10 | 000,684,979 | ---- | C] () -- C:\Drawing2.dwg
[2012/02/22 09:36:53 | 000,001,635 | ---- | C] () -- C:\rf.jpg
[2012/02/14 16:04:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 16:04:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/06 18:54:48 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\gdouglas\My Documents\acad.err
[2012/02/06 18:54:43 | 000,068,390 | ---- | C] () -- C:\acadminidump.dmp
[2012/02/06 08:47:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\gdouglas\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/16 12:16:32 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/16 10:30:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/16 10:30:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/16 10:30:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/16 10:30:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/16 10:30:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/14 10:58:23 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\WEBDIAL.EXE
[2011/01/20 15:12:35 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010/07/27 15:33:09 | 001,069,184 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/19 08:03:58 | 000,000,223 | ---- | C] () -- C:\Program Files\unpackJars.bat
[2010/07/19 08:03:52 | 005,918,124 | ---- | C] () -- C:\Program Files\COMcheck.jar
[2010/07/19 08:03:52 | 004,565,469 | ---- | C] () -- C:\Program Files\cities.dat
[2010/07/19 08:03:52 | 000,633,516 | ---- | C] () -- C:\Program Files\counties.dat
[2010/07/19 08:03:52 | 000,274,944 | ---- | C] () -- C:\Program Files\COMcheck.exe
[2010/07/19 08:03:52 | 000,022,931 | ---- | C] () -- C:\Program Files\splash.gif
[2010/07/19 08:03:52 | 000,022,721 | ---- | C] () -- C:\Program Files\example99.cck
[2010/07/19 08:03:52 | 000,015,663 | ---- | C] () -- C:\Program Files\example.cck
[2010/07/19 08:03:52 | 000,000,299 | ---- | C] () -- C:\Program Files\defaults.dat
[2010/07/19 08:03:52 | 000,000,111 | ---- | C] () -- C:\Program Files\Start_COMcheck_CL_Log.bat
[2010/07/19 08:03:52 | 000,000,074 | ---- | C] () -- C:\Program Files\Start_COMcheck_CL.bat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/07 10:20:38 | 000,323,697 | ---- | C] () -- C:\WINDOWS\System32\airxwhl.dll
[2009/07/07 10:18:28 | 001,158,601 | ---- | C] () -- C:\WINDOWS\System32\refprop.dll
[2009/07/07 10:18:28 | 000,729,088 | ---- | C] () -- C:\WINDOWS\System32\r3a.dll
[2009/07/07 10:18:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\jdde.dll
[2009/07/07 10:18:20 | 000,000,401 | ---- | C] () -- C:\WINDOWS\System32\sdm39.ini
[2009/07/07 09:54:56 | 000,004,497 | ---- | C] () -- C:\WINDOWS\spcfg1.ini
[2009/07/07 09:54:17 | 000,002,275 | ---- | C] () -- C:\WINDOWS\System32\FSDM.INI
[2009/07/07 09:54:15 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ECATENB2.DLL
[2009/07/07 09:54:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ECATEN33.DLL
[2009/07/07 09:54:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ECATEN32.DLL
[2009/06/24 12:52:48 | 000,000,848 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\amprm.dat
[2009/06/24 12:52:48 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\awmsg.dat
[2009/06/24 12:52:48 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amguid.dat
[2009/06/24 12:52:48 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\winam.dat
[2008/09/16 15:02:08 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/04 07:45:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ESDErr1.dll
[2008/09/02 14:31:30 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2008/09/02 12:18:33 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\gdouglas\Local Settings\Application Data\fusioncache.dat
[2008/09/02 12:07:14 | 000,000,083 | ---- | C] () -- C:\WINDOWS\subrules.ini
[2008/09/02 12:07:13 | 000,002,933 | ---- | C] () -- C:\WINDOWS\TOPSS.ini
[2008/09/02 12:07:13 | 000,000,021 | ---- | C] () -- C:\WINDOWS\odbcddp.ini
[2008/09/02 12:07:13 | 000,000,008 | ---- | C] () -- C:\WINDOWS\dcrudll.ini
[2008/09/02 12:05:37 | 000,254,464 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt2x.dll
[2008/09/02 12:05:37 | 000,169,567 | ---- | C] () -- C:\WINDOWS\System32\LJWing.dll
[2008/09/02 12:05:37 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\TgfWriterX2.dll
[2008/09/02 12:05:37 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\TgfWriter.dll
[2008/09/02 12:05:36 | 000,410,624 | ---- | C] () -- C:\WINDOWS\System32\dforrt.dll
[2008/09/02 12:05:36 | 000,251,904 | ---- | C] () -- C:\WINDOWS\System32\orant71.dll
[2008/09/02 12:05:36 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\Ivinfo.exe
[2008/09/02 12:05:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\ivtrn12.dll
[2008/09/02 12:05:36 | 000,005,792 | ---- | C] () -- C:\WINDOWS\System32\odbc16ut.dll
[2008/09/02 12:05:35 | 000,775,168 | ---- | C] () -- C:\WINDOWS\System32\corent23.dll
[2008/09/02 12:05:34 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008/09/02 12:05:25 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\rcbuild.dll
[2008/09/02 12:05:24 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\PipelineX2.dll
[2008/09/02 12:05:24 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\PipelineX.dll
[2008/02/21 11:57:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/02/21 11:56:05 | 000,002,095 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/21 11:37:46 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/02/14 14:48:47 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2008/02/14 14:48:47 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2008/01/18 18:04:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/18 17:44:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/01/18 17:43:15 | 000,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:28 | 000,507,056 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:28 | 000,089,850 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
========== Custom Scans ==========
< "%WinDir%\$NtUninstallKB*$." /30 >
< C:\Program Files\Common Files\ComObjects\*.* /s >
< %systemroot%\*. /mp /s >
< %systemroot%\*. /rp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/01/16 12:17:16 | 000,111,872 | ---- | M] () -- C:\WINDOWS\system32\drivers\TrueSight.sys
< %SYSTEMDRIVE%\*.exe >
< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/14 17:26:33 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/06/14 17:26:33 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/16 06:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\gdouglas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 07:22:03 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/16 06:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation)
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction
< End of report >
OTL Extras logfile created on: 3/2/2012 5:35:58 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\gdouglas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.70% Memory free
3.85 Gb Paging File | 3.32 Gb Available in Paging File | 86.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 157.30 Gb Free Space | 67.58% Space Free | Partition Type: NTFS
Drive D: | 242.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive P: | 1034.67 Gb Total Space | 865.91 Gb Free Space | 83.69% Space Free | Partition Type: NTFS
Drive W: | 1034.67 Gb Total Space | 865.91 Gb Free Space | 83.69% Space Free | Partition Type: NTFS
Drive Y: | 1034.67 Gb Total Space | 865.91 Gb Free Space | 83.69% Space Free | Partition Type: NTFS
Drive Z: | 1034.67 Gb Total Space | 865.91 Gb Free Space | 83.69% Space Free | Partition Type: NTFS
Computer Name: GARYD | User Name: gdouglas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-179842681-2008273749-2489577197-1143\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"15164:UDP" = 15164:UDP:*:Enabled:AM Agent
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"3257:TCP" = 3257:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"15164:UDP" = 15164:UDP:*:Enabled:AM Agent
"1045:TCP" = 1045:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"\\Bvdc1\Wrightsoft HVAC\RSU.EXE" = \\Bvdc1\Wrightsoft HVAC\RSU.EXE:*:Enabled:Right-WebServer
"C:\Documents and Settings\gdouglas\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\gdouglas\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Disabled:Octoshape add-in for Adobe Flash Player
"C:\Documents and Settings\gdouglas\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\gdouglas\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{237a4b21-78c1-11d6-a394-00104bd190b1}" = QuickBooks Basic Edition 2003
"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Shadow Copy Client
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java 7 Update 3
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2b02f834-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Premier: Professional Services Edition 2004
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{403A22ED-90CC-4D92-B253-451E48453095}" = CAPS Reporting Library
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5783F2D7-5106-0409-0012-0060B0CE6BBA}" = Autodesk Building Systems 2007.1
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOK_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOK_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOK_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOK_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{989C7412-E123-47B0-A8FD-CC9378E8BA34}" = iDrawings Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A09C820B-B173-47AA-9E68-C39D1F45648C}" = TREAT
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6F2A554-C572-46FD-BD7B-9CF1BCFCC8CA}" = Pipeline
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B9693E8C-200D-4F8D-8366-2467A7F225E6}" = AccusizeSetup
"{BC1E08E0-CB2D-11DE-72AE-021CA0252CD6}" = Chvac Version 7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D689B418-235A-4290-A0A5-A75E490E0351}" = Symantec Endpoint Protection
"{DD8C7B5F-7F1B-41EE-BB83-991075A30327}" = TOPSS
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E56D5DC8-4C73-44B1-B650-AAD75C7A2701}" = Broadcom ASF Management Applications
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.3 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AHU Selection v5.90" = AHU Selection v5.90
"AHUBuilder v6.00" = AHUBuilder v6.00
"Air Terminals Builder 1.09a" = Air Terminals Builder 1.09a
"Applied RTU Builder 2.03" = Applied RTU Builder 2.03
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"CAPS Engineer" = CAPS (Engineer)
"Chvac Version 7" = Chvac Version 7
"COMcheck 3.6.0" = COMcheck 3.6.0
"COMcheck 3.7.1" = COMcheck 3.7.1
"COMcheck 3.8.0 " = COMcheck 3.8.0
"Commercial Split Systems Builder v1.09g" = Commercial Split Systems Builder v1.09g
"E-CAT / E20-II Configuration Services 2.21" = E-CAT / E20-II Configuration Services 2.21
"E-CAT Enable 2.11" = E-CAT Enable 2.11
"ESET Online Scanner" = ESET Online Scanner v3
"Fan Coil Builder 3.29f" = Fan Coil Builder 3.29f
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Igneus Hydrant Flow Test" = Igneus Hydrant Flow Test 2.0
"IrfanView" = IrfanView (remove only)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nu-Fin Coil Selection v1.06" = Nu-Fin Coil Selection v1.06
"NVIDIA Drivers" = NVIDIA Drivers
"OUTLOOK" = Microsoft Office Outlook 2007
"Packaged RTU Builder 1.19i" = Packaged RTU Builder 1.19i
"PoolPak Selection Software" = PoolPak Selection Software
"ProjectPoint-2008" = Autodesk Buzzsaw 2008.4.10013.111
"Right-Suite Universal Workstation" = Right-Suite Universal Workstation
"SCU Builder 2.09d" = SCU Builder 2.09d
"Unit Ventilators Builder 1.10" = Unit Ventilators Builder 1.10
"VLC media player" = VLC media player 1.0.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WSHP Builder 4.19l" = WSHP Builder 4.19l
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Builder Framework 1.03q" = X Builder Framework 1.03q
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-179842681-2008273749-2489577197-1143\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.1
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/2/2012 4:47:19 PM | Computer Name = GARYD | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 3/2/2012 4:47:19 PM | Computer Name = GARYD | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 3/2/2012 6:07:24 PM | Computer Name = GARYD | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 3/2/2012 6:07:24 PM | Computer Name = GARYD | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 3/2/2012 6:17:24 PM | Computer Name = GARYD | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 3/2/2012 6:17:24 PM | Computer Name = GARYD | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 3/2/2012 6:31:19 PM | Computer Name = GARYD | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 3/2/2012 6:31:19 PM | Computer Name = GARYD | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 3/2/2012 6:31:32 PM | Computer Name = GARYD | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 3/2/2012 6:31:32 PM | Computer Name = GARYD | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
[ System Events ]
Error - 2/26/2012 10:15:47 AM | Computer Name = GARYD | Source = Service Control Manager | ID = 7031
Description = The Symantec Settings Manager service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 100
milliseconds: Restart the service.
Error - 3/2/2012 6:27:39 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7031
Description = The Symantec Management Client service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 1000
milliseconds: Restart the service.
Error - 3/2/2012 6:27:40 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7034
Description = The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated
unexpectedly. It has done this 1 time(s).
Error - 3/2/2012 6:27:40 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7031
Description = The Symantec Event Manager service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 200 milliseconds:
Restart the service.
Error - 3/2/2012 6:27:40 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7031
Description = The Symantec Settings Manager service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 100
milliseconds: Restart the service.
Error - 3/2/2012 6:27:42 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 3/2/2012 6:27:44 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 3/2/2012 6:27:44 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 3/2/2012 6:27:44 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).
Error - 3/2/2012 6:27:44 PM | Computer Name = GARYD | Source = Service Control Manager | ID = 7031
Description = The Symantec Endpoint Protection service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 10000
milliseconds: Restart the service.
< End of report >
3. No issues that I am aware of.
