Ran OTL and RootRepeal. The logs are attached.
OTL logfile created on: 2/4/2010 2:59:49 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\D. Angleton\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 122.85 Gb Free Space | 17.58% Space Free | Partition Type: NTFS
Drive D: | 171.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 111.79 Gb Total Space | 2.87 Gb Free Space | 2.57% Space Free | Partition Type: NTFS
Drive F: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.64 Gb Total Space | 1.09 Gb Free Space | 14.21% Space Free | Partition Type: FAT32
Drive H: | 930.86 Gb Total Space | 612.63 Gb Free Space | 65.81% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: D-
Current User Name: D. Angleton
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ========== PRC - [2010/02/04 14:55:44 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D. Angleton\Desktop\OTL.exe
PRC - [2010/01/27 04:56:55 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/27 04:56:54 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/07 16:11:27 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/11/24 17:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/08/21 13:03:49 | 008,318,056 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2008/05/27 15:19:42 | 000,032,768 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
PRC - [2008/05/26 02:28:04 | 000,704,512 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\FTPServer.exe
PRC - [2008/05/26 02:21:08 | 000,548,864 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Sharp\Sharpdesk\nsapp.exe
PRC - [2008/04/14 04:42:42 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/18 08:44:36 | 000,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007/10/24 21:57:56 | 016,855,552 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007/07/17 10:13:56 | 000,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007/07/17 10:13:34 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2007/05/15 15:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 15:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/15 15:08:00 | 000,130,864 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2006/02/28 06:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
========== Modules (SafeList) ========== MOD - [2010/02/04 14:55:44 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D. Angleton\Desktop\OTL.exe
MOD - [2009/12/01 14:56:25 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
========== Win32 Services (SafeList) ========== SRV - [2010/01/27 04:56:54 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/07 16:11:27 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/12/28 15:20:16 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/16 19:03:26 | 000,024,576 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/08 11:31:36 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/07/08 11:31:32 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/07/08 11:31:12 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2008/04/08 08:56:30 | 000,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2008/01/22 10:13:26 | 000,275,752 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/12/18 08:44:36 | 000,512,000 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/12/06 22:20:56 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 22:20:52 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/05/15 15:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ========== DRV - [2010/01/05 17:37:09 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)
DRV - [2009/12/01 14:56:22 | 000,133,064 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009/11/24 17:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 17:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 17:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 17:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 17:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 17:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/17 12:03:15 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2009/11/17 12:03:15 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/23 06:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/01/09 15:18:02 | 000,027,136 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2008/05/20 17:33:50 | 000,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2008/04/13 23:10:32 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 21:09:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 21:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/18 09:46:24 | 002,849,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/05 07:45:30 | 000,104,064 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/11/01 00:38:56 | 004,620,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/17 22:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2007/05/01 02:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/11 19:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006/02/28 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/02/28 06:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/14 18:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/08/22 00:42:00 | 000,057,088 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stc2.sys -- (SCRx31 USB Reader)
DRV - [2001/08/17 12:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ie IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-1532298954-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comIE - HKU\S-1-5-21-746137067-1532298954-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/IE - HKU\S-1-5-21-746137067-1532298954-725345543-1004\S-1-5-21-746137067-1532298954-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.20
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {1DA0528B-1DD8-4167-BFAF-E0EF94939F93}:1.0.0.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.4.6
FF - HKLM\software\mozilla\Firefox\Extensions\\{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}: C:\Program Files\Comodo\HopSurfToolbar\hopsurfext_ff3_5 [2009/11/20 11:12:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 16:13:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 16:13:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/12/28 15:34:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2008/07/12 16:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D. Angleton\Application Data\Mozilla\Extensions
[2010/01/26 17:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D. Angleton\Application Data\Mozilla\Firefox\Profiles\0l7vanv5.default\extensions
[2009/06/15 10:32:18 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\D. Angleton\Application Data\Mozilla\Firefox\Profiles\0l7vanv5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/01/14 12:57:02 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\D. Angleton\Application Data\Mozilla\Firefox\Profiles\0l7vanv5.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/12/07 20:33:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\D. Angleton\Application Data\Mozilla\Firefox\Profiles\0l7vanv5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/14 12:57:04 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\D. Angleton\Application Data\Mozilla\Firefox\Profiles\0l7vanv5.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/12/07 20:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\D. Angleton\Application Data\Mozilla\Firefox\Profiles\0l7vanv5.default\extensions\foxmarks@kei.com
[2010/01/26 17:59:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2009/11/16 13:49:29 | 000,352,613 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 12087 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApproveItForOfficeSetup] C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe (Silanis Technology Inc.)
O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [FtpServer.exe] C:\Program Files\Sharp\Sharpdesk\FtpServer.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [IndexTray] C:\Program Files\Sharp\Sharpdesk\IndexTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SharpTray] C:\Program Files\Sharp\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TypeRegChecker] C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe (SHARP CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk = C:\WINDOWS\Installer\{20F8DC31-F965-4DD6-BC8A-2820C25A3ED0}\Icon9557F1BC1.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-1532298954-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-746137067-1532298954-725345543-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-746137067-1532298954-725345543-1004\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-746137067-1532298954-725345543-1004\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://www.update.microsoft.com/microsoftu...b?1215899908421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/12 15:12:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/12 15:56:58 | 000,000,030 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/05/03 19:29:50 | 000,000,256 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/06/01 11:55:11 | 000,000,038 | -H-- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2995c1a1-4fec-11de-a665-001fc662dbf3}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{dcc8d2ac-58ed-11dd-a643-001fc662dbf3}\Shell\Explore\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{dcc8d2ac-58ed-11dd-a643-001fc662dbf3}\Shell\Launch\command - "" = G:\PortableVaultAES.exe -- [2006/05/23 16:09:16 | 001,404,928 | ---- | M] (StompSoft)
O33 - MountPoints2\{e68159d6-1116-11df-a6e9-001fc662dbf3}\Shell - "" = AutoRun
O33 - MountPoints2\{e68159d6-1116-11df-a6e9-001fc662dbf3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e68159d6-1116-11df-a6e9-001fc662dbf3}\Shell\AutoRun\command - "" = F:\HPLauncher.exe -- [2009/05/18 11:46:50 | 000,565,248 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2010/02/04 14:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D. Angleton\Desktop\RootRepeal
[2010/02/04 14:59:03 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\D. Angleton\Desktop\OTL.exe
[2010/02/03 16:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/02/03 16:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D. Angleton\Application Data\ArcSoft
[2010/02/03 16:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D. Angleton\Application Data\HP SimpleSave Application
[2010/02/03 11:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\D. Angleton\Desktop\Bleepin
[2010/01/26 15:58:32 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\D. Angleton\Desktop\RootRepeal.exe
[2010/01/26 15:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/01/26 15:20:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\D. Angleton\Recent
[2010/01/12 17:06:55 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2008/07/24 13:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2008/07/23 16:28:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/07/12 15:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/07/12 15:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/07/12 15:12:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/02/04 14:58:55 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\D. Angleton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 14:58:55 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/04 14:57:12 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\D. Angleton\Desktop\RootRepeal.zip
[2010/02/04 14:55:44 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D. Angleton\Desktop\OTL.exe
[2010/02/04 10:56:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/04 04:56:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/03 22:56:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/03 16:56:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/03 11:54:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/03 11:52:04 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
[2010/02/03 11:51:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/03 11:51:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/03 11:46:36 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\D. Angleton\NTUSER.DAT
[2010/02/03 11:46:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\D. Angleton\ntuser.ini
[2010/02/03 11:43:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/03 09:43:26 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\D. Angleton\Desktop\RSIT.exe
[2010/01/27 17:31:12 | 000,000,100 | ---- | M] () -- C:\Documents and Settings\D. Angleton\default.pls
[2010/01/26 16:00:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\D. Angleton\Desktop\settings.dat
[2010/01/26 15:58:01 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\D. Angleton\Desktop\RootRepeal.exe
[2010/01/26 15:45:08 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\D. Angleton\Desktop\dds.scr
[2010/01/26 15:11:06 | 000,508,472 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/26 15:11:06 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/26 15:11:06 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/26 14:53:03 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/01/14 17:42:10 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\D. Angleton\My Documents\~$NG - CW3M NO COST letter to Schlechte.doc
[2010/01/14 17:41:46 | 000,048,608 | ---- | M] () -- C:\Documents and Settings\D. Angleton\My Documents\LANG - CW3M NO COST letter to Schlechte.doc
[2010/01/14 17:14:21 | 000,025,194 | ---- | M] () -- C:\Documents and Settings\D. Angleton\My Documents\Schlechte Figure 6 - Geo Cross Section.pdf
[2010/01/14 17:10:53 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\D. Angleton\My Documents\Figure 6 - Geo Cross Section, May 06.vsd
[2010/01/13 17:37:41 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/01/11 12:39:55 | 001,098,752 | ---- | M] () -- C:\Documents and Settings\D. Angleton\Desktop\Figure 4 - Soil Contam Plume, Jan 09.vsd
[2010/01/11 12:38:50 | 001,103,360 | ---- | M] () -- C:\Documents and Settings\D. Angleton\Desktop\Figure 5 - GW Contam Plume, Jan 09.vsd
[2010/01/08 15:31:41 | 000,044,360 | ---- | M] () -- C:\Documents and Settings\D. Angleton\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/05 17:37:09 | 000,035,363 | ---- | M] () -- C:\WINDOWS\System32\windrvNT.sys
[2010/01/05 17:37:06 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\suppdll.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/02/04 14:59:03 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\D. Angleton\Desktop\RootRepeal.zip
[2010/02/03 14:24:34 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\D. Angleton\Desktop\Copy of BlackBerry Desktop Redirector.lnk
[2010/02/03 14:24:23 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\D. Angleton\Desktop\BlackBerry Desktop Redirector.lnk
[2010/02/03 11:39:47 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\D. Angleton\Desktop\RSIT.exe
[2010/01/26 16:00:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\D. Angleton\Desktop\settings.dat
[2010/01/26 15:45:45 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\D. Angleton\Desktop\dds.scr
[2010/01/14 17:42:10 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\D. Angleton\My Documents\~$NG - CW3M NO COST letter to Schlechte.doc
[2010/01/14 17:41:56 | 000,048,608 | ---- | C] () -- C:\Documents and Settings\D. Angleton\My Documents\LANG - CW3M NO COST letter to Schlechte.doc
[2010/01/14 17:14:21 | 000,025,194 | ---- | C] () -- C:\Documents and Settings\D. Angleton\My Documents\Schlechte Figure 6 - Geo Cross Section.pdf
[2010/01/14 17:10:56 | 000,225,280 | ---- | C] () -- C:\Documents and Settings\D. Angleton\My Documents\Figure 6 - Geo Cross Section, May 06.vsd
[2010/01/11 12:39:59 | 001,098,752 | ---- | C] () -- C:\Documents and Settings\D. Angleton\Desktop\Figure 4 - Soil Contam Plume, Jan 09.vsd
[2010/01/11 12:39:50 | 001,103,360 | ---- | C] () -- C:\Documents and Settings\D. Angleton\Desktop\Figure 5 - GW Contam Plume, Jan 09.vsd
[2010/01/05 17:37:09 | 000,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2010/01/05 17:37:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2009/12/02 15:02:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/11/16 14:17:10 | 000,004,772 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/27 10:37:24 | 000,196,696 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2009/08/27 10:37:19 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\usk1.dll
[2009/08/27 10:37:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2009/08/27 10:35:59 | 000,000,284 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/08/27 10:09:06 | 000,344,862 | ---- | C] () -- C:\Documents and Settings\D. Angleton\Application Data\fontlst2.opf
[2009/03/02 17:41:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/02 17:35:22 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/01/27 15:00:05 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/01/20 15:57:31 | 000,000,316 | ---- | C] () -- C:\WINDOWS\Ar11xl.INI
[2008/09/09 15:47:02 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/09 15:47:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/28 13:47:23 | 000,004,751 | ---- | C] () -- C:\WINDOWS\SigPlus.ini
[2008/07/24 13:59:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/15 14:14:55 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\D. Angleton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/12 15:20:14 | 000,019,843 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/07/12 15:20:08 | 000,019,447 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/12 15:20:08 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/07/12 15:20:03 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/07/26 23:32:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\erainp32.dll
[2006/02/28 06:00:00 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
========== Alternate Data Streams ========== @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
TL Extras logfile created on: 2/4/2010 2:59:49 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\D. Angleton\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 122.85 Gb Free Space | 17.58% Space Free | Partition Type: NTFS
Drive D: | 171.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 111.79 Gb Total Space | 2.87 Gb Free Space | 2.57% Space Free | Partition Type: NTFS
Drive F: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.64 Gb Total Space | 1.09 Gb Free Space | 14.21% Space Free | Partition Type: FAT32
Drive H: | 930.86 Gb Total Space | 612.63 Gb Free Space | 65.81% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Computer Name: D-
Current User Name: D. Angleton
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-746137067-1532298954-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (Intuit, Inc.)
"C:\Documents and Settings\D. Angleton\Desktop\Trillian\trillian.exe" = C:\Documents and Settings\D. Angleton\Desktop\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Sharp\Sharpdesk\FTPServer.exe" = C:\Program Files\Sharp\Sharpdesk\FTPServer.exe:*:Enabled:Network Scanner Tool -- (SHARP CORPORATION)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Documents and Settings\D. Angleton\Local Settings\Temp\Nero Web\SetupXu.exe" = C:\Documents and Settings\D. Angleton\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{039DD85B-678B-86BB-1274-70D47302E6AB}" = CCC Help Spanish
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05A387D8-F05A-CC4B-BE7A-9532D92F2F94}" = CCC Help Czech
"{066237E9-84EA-BE5E-4A13-2D69EFC95592}" = Catalyst Control Center Localization Greek
"{07E6009C-F348-6638-94E8-0F786463C31C}" = Catalyst Control Center Localization Dutch
"{0AEF384B-610F-4309-8DA3-91834FE4E80E}" = Sharpdesk
"{0B784420-2826-AFB0-DBAA-A3CAF7DEE33E}" = Catalyst Control Center Localization Hungarian
"{0C94C186-8D5D-60DB-3137-AD5FAD6A648D}" = CCC Help Korean
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{18499419-2B80-4C3F-86D3-C6C45CD2062E}" = Samsung ML-1710 Series
"{1D1B0B72-C568-CFD4-EF47-1F8DB1278A84}" = ccc-utility
"{20F8DC31-F965-4DD6-BC8A-2820C25A3ED0}" = ApproveIt Desktop 5.8.2
"{217AD20B-CF3F-0158-0B7B-6C8934ABC664}" = CCC Help Portuguese
"{244E889A-64B5-9AEF-6ABB-7DA23FCB5DB6}" = Catalyst Control Center Localization Italian
"{26D3E377-1DCA-4043-9410-B4A9BACF1033}" = Nero 7 Ultra Edition
"{31802FA9-3B5F-BACE-DB67-2E977EBF6381}" = Catalyst Control Center Localization Spanish
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{4704FABD-136C-73B5-B877-C43B984F0390}" = CCC Help Polish
"{48ED274D-1083-BD8D-32F6-B07F36B62322}" = CCC Help Danish
"{4C23A0C9-56EE-35C9-34AE-6F7EF367AE3F}" = Catalyst Control Center Localization Finnish
"{4D833723-A619-B172-F76A-E1BA26E3552E}" = Catalyst Control Center Localization Czech
"{5285503A-0D7B-D843-8F5E-371E9F905D1A}" = CCC Help Chinese Traditional
"{529DB741-5B9C-E934-6F83-901D1B7DE349}" = Catalyst Control Center Localization Polish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{584C7AD3-EBD9-5C69-35B5-DF1FBF522450}" = Catalyst Control Center Localization Turkish
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6447666B-A1AF-ACFA-DDE6-499283007943}" = CCC Help Chinese Standard
"{65350534-66B4-17F1-0EE8-AF8B840A60B3}" = Catalyst Control Center Localization French
"{6769551F-F65E-4C0B-4023-8A6E0280D904}" = ccc-core-preinstall
"{69541183-A8AA-A20E-B050-725112845B71}" = Catalyst Control Center Core Implementation
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7A3B0A87-DE80-5A33-AA9D-F7C43418C221}" = CCC Help Finnish
"{84A48E18-7A53-E7BC-C411-993E09F7FBB4}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D5430CB-12F9-EE2E-25DA-A496AE64C444}" = CCC Help Dutch
"{8F063C9F-B873-F95F-7263-F4E056B78A3F}" = CCC Help Italian
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90240409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Resource Kit
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90510409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [English]
"{91DDDADC-8429-D3DA-FF6B-58AD958F37EA}" = ccc-core-static
"{96827D83-7906-E3B3-812A-ACB5BDBF61B9}" = CCC Help Swedish
"{97DC6B83-3E5B-D0F5-6484-523FFA0AA4C9}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4722454-5848-3626-59F7-FB47A5BCDDB1}" = CCC Help Norwegian
"{A56D1C41-936A-E656-BAC7-A656DD28E3A3}" = Catalyst Control Center Graphics Full New
"{A69260A8-B55D-62E4-4C94-F5E3ABAA8963}" = Catalyst Control Center Localization German
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient CAC 6.1 x86
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE677777-BB8D-D9F2-3649-15E22312BEF2}" = Catalyst Control Center Localization Danish
"{AF51836C-A49B-DE9A-D5FB-A2A1C487DA5B}" = Skins
"{B10F2EDF-0372-E298-F1DE-74A2E0867090}" = CCC Help Russian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C515CFE7-8C87-D819-5C30-CB0927935135}" = CCC Help English
"{C8F14617-F4E0-A208-FAF7-A8D07ADAF8AC}" = CCC Help German
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC411126-8CDE-4B7C-950F-4197C931B0C8}" = ML-1510_700 Series
"{CC89D155-7A51-9575-A019-ACF030C63935}" = Catalyst Control Center Localization Japanese
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF53EF4-6E83-4933-B1E7-F2A96FCB0C21}" = InstallRoot
"{D1D932F8-A4B1-AB14-962B-CF0356625377}" = CCC Help Turkish
"{D45D6C7F-194E-33FA-E62C-E0C0B5E04C75}" = CCC Help Japanese
"{D564945F-E05C-AD63-211A-876C38E7BCB0}" = Catalyst Control Center Localization Chinese Standard
"{D73D2C40-965C-D6AF-BC12-017272056882}" = Catalyst Control Center Localization Norwegian
"{D8F65549-943C-8C60-215E-AE518CDFDAB1}" = CCC Help French
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E1AD4E23-B314-7457-970D-E50E7FA5A446}" = Catalyst Control Center Graphics Light
"{E20AE12A-BD95-612C-F145-D388BCB3B209}" = Catalyst Control Center Localization Portuguese
"{E2F76EB8-526D-0B60-A249-6719448FD5FB}" = CCC Help Greek
"{E302321B-10E2-4BFF-9218-6EC104334721}" = Catalyst Control Center Localization Chinese Traditional
"{ECAEFB98-5D18-BE77-9B5A-A8A87224B0A3}" = Catalyst Control Center Localization Swedish
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F085C4A7-DBD9-8FF8-8BF2-6F72C8E5403B}" = Catalyst Control Center Localization Thai
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F87670EF-47BF-8C6E-6E9F-D2B7BCCE4994}" = Catalyst Control Center Localization Russian
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Ultra Edition
"{FF198B75-98D7-2773-3B4E-8C61BA2D1F45}" = Catalyst Control Center Graphics Full Existing
"{FFC135DD-2547-D1D3-93F6-B32091AEEF1D}" = CCC Help Hungarian
"Ad-Aware" = Ad-Aware
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Belltech Greeting Card Designer - Extra Templates_is1" = Belltech Greeting Card Designer - Extra Templates
"Belltech Greeting Card Designer 5.3.3_is1" = Belltech Greeting Card Designer 5.3.3
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"Browser Defender_is1" = Browser Defender 2.0.6.11
"CCleaner" = CCleaner (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Comodo HopSurf Toolbar" = Comodo HopSurf
"COMODO Internet Security" = COMODO Internet Security
"Excel Utilities 1.4" = Excel Utilities 1.4
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IEAK5" = Microsoft Internet Explorer Administration Kit 5
"InstallShield_{0AEF384B-610F-4309-8DA3-91834FE4E80E}" = Sharpdesk
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoCardMaker_is1" = PhotoCardMaker 1.0.1
"Samsung ML-2510 Series" = Samsung ML-2510 Series
"SHARP AR-M250 M310 Series PCL PS Printer Driver" = SHARP AR-M250/M310 Series PCL/PS Printer Driver
"Spyware Doctor" = Spyware Doctor 7.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== Last 10 Event Log Errors ========== [ Antivirus Events ]
Error - 10/10/2009 7:11:01 PM | Computer Name = D- | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://forecastfox.accuweather.com/adcbin/...ner=forecastfox failed, 00000070.
Error - 10/10/2009 7:17:12 PM | Computer Name = D- | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://forecastfox.accuweather.com/adcbin/...ner=forecastfox failed, 00000070.
Error - 10/10/2009 7:29:13 PM | Computer Name = D- | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://forecastfox.accuweather.com/adcbin/...ner=forecastfox failed, 00000070.
Error - 11/18/2009 2:31:54 PM | Computer Name = D- | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\D. Angleton\Application Data\Mozilla\Firefox\Profiles\0l7vanv5.default\sessionstore-1.js
failed, 0000A413.
Error - 11/18/2009 2:32:55 PM | Computer Name = D- | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\D. Angleton\Application Data\Mozilla\Firefox\Profiles\0l7vanv5.default\sessionstore-1.js
failed, 0000A413.
Error - 1/27/2010 4:25:38 PM | Computer Name = D- | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Haa-data-\haa files\Herlacher Angleton Associates\A_Darrell's_Projects\Downloads\CIS_Setup_3.12.111745.560_XP_Vista_x32.exe
failed, 00000035.
Error - 1/27/2010 4:25:39 PM | Computer Name = D- | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Haa-data-\haa files\Herlacher Angleton Associates\A_Darrell's_Projects\My eBooks\Gingrich,
Newt - Real Change.pdf failed, 00000035.
Error - 1/27/2010 4:25:39 PM | Computer Name = D- | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Haa-data-\haa files\Herlacher Angleton Associates\A_Darrell's_Projects\My eBooks\Gingrich,
Newt - Rediscovering God in America.pdf failed, 00000035.
Error - 1/27/2010 4:25:39 PM | Computer Name = D- | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Haa-data-\haa files\Herlacher Angleton Associates\A_Darrell's_Projects\My eBooks\Gingrich,
Newt - Winning The Future.pdf failed, 00000035.
Error - 1/27/2010 4:25:40 PM | Computer Name = D- | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Haa-data-\haa files\Herlacher Angleton Associates\A_Darrell's_Projects\My eBooks\Greenwood
Press The Decline and Fall of the Roman Empire.pdf failed, 00000035.
[ Application Events ]
Error - 1/27/2010 3:55:41 PM | Computer Name = D- | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x034ff7a0.
Error - 1/27/2010 3:59:26 PM | Computer Name = D- | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x034ff7a0.
Error - 1/27/2010 3:59:48 PM | Computer Name = D- | Source = NSSDK.MfpifValidator.1 | ID = 34938914
Description = IP 10.1.10.4 cannot be reached on the network. (0x8215110b)
Error - 1/27/2010 4:15:32 PM | Computer Name = D- | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0358f7a0.
Error - 1/27/2010 4:20:26 PM | Computer Name = D- | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0358f7a0.
Error - 1/27/2010 4:20:51 PM | Computer Name = D- | Source = NSSDK.MfpifValidator.1 | ID = 34938914
Description = IP 10.1.10.4 cannot be reached on the network. (0x8215110b)
Error - 2/3/2010 1:43:49 PM | Computer Name = D- | Source = NSSDK.MfpifValidator.1 | ID = 34938914
Description = IP 10.1.10.4 cannot be reached on the network. (0x8215110b)
Error - 2/3/2010 1:43:50 PM | Computer Name = D- | Source = NSSDK.CprXml.1 | ID = 34938914
Description = Operation timed out when pinging IP 10.1.10.4. (0x82150737)
Error - 2/3/2010 1:52:16 PM | Computer Name = D- | Source = NSSDK.MfpifValidator.1 | ID = 34938914
Description = IP 10.1.10.4 cannot be reached on the network. (0x8215110b)
Error - 2/3/2010 1:52:17 PM | Computer Name = D- | Source = NSSDK.CprXml.1 | ID = 34938914
Description = Operation timed out when pinging IP 10.1.10.4. (0x82150737)
[ System Events ]
Error - 1/26/2010 5:19:11 PM | Computer Name = D- | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 1/26/2010 5:19:11 PM | Computer Name = D- | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 1/26/2010 5:19:12 PM | Computer Name = D- | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 1/26/2010 5:19:12 PM | Computer Name = D- | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 1/26/2010 5:19:12 PM | Computer Name = D- | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 1/26/2010 5:19:12 PM | Computer Name = D- | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 1/26/2010 5:19:12 PM | Computer Name = D- | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 1/26/2010 5:19:12 PM | Computer Name = D- | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 1/26/2010 5:19:12 PM | Computer Name = D- | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 1/26/2010 5:19:12 PM | Computer Name = D- | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
< End of report >
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/02/04 15:11
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA3662000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\sccfg.sys
Status: Invisible to the Windows API!
SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa720fbcc
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa70336b8
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa720f1aa
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xba38c36a
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xb9ef0e52
#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa720f08c
#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xb9ed1cde
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xb9ed1ed0
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa721105c
#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa72112f4
#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa720ec52
#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xb9ef1640
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xb9ef18f4
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa703314c
#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7210cde
#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa720f42e
#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xba38ccd8
#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xb9eefb44
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa703308c
#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa720f6be
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa70330f0
#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xba38c842
#: 154 Function Name: NtQueryInformationProcess
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xba3891e0
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa703376e
#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xb9ef1d60
#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa721163a
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa703372e
#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7210a7a
#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xba38d142
#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa720fdb2
#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7210e8c
#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xb9ef1112
#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa720f3c8
#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa720f5b2
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xb9ed1984
#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa720ee24
Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7213352
#: 122 Function Name: NtGdiDeleteObjectApp
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7213a76
#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7213486
#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7213936
#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa72135c6
#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa72136fa
#: 310 Function Name: NtUserBlockInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa72131d2
#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7212424
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7212ea2
#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7213834
#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7212c10
#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7212d52
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa72128f4
#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa721215c
#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa72125a6
#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7212752
#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7212ff2
#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7212ab6
#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa72130e8
#: 529 Function Name: NtUserSetParent
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa72122cc
#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7213adc
#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa7213d10
==EOF==