Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan-Clicker.win32.wistler.a


  • This topic is locked This topic is locked
18 replies to this topic

#16 SigRanger

SigRanger
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 01 July 2011 - 07:57 PM

PW,
Here are the logs. Also, I noticed that Mcafee site adviser is not working.

All processes killed
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\chrome\icons\default folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\chrome\icons folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2E5E800E-6AC0-411E-940A-369530A35E43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E5E800E-6AC0-411E-940A-369530A35E43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2E5E800E-6AC0-411E-940A-369530A35E43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E5E800E-6AC0-411E-940A-369530A35E43}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->FireFox cache emptied: 30148463 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->FireFox cache emptied: 4951690 bytes
->Flash cache emptied: 9057 bytes

User: NetworkService
->Temp folder emptied: 248 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 15365 bytes

User: Roger
->Temp folder emptied: 565886 bytes
->Temporary Internet Files folder emptied: 40346893 bytes
->Java cache emptied: 106755518 bytes
->FireFox cache emptied: 63056757 bytes
->Google Chrome cache emptied: 6634977 bytes
->Apple Safari cache emptied: 1600512 bytes
->Flash cache emptied: 2198410 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 6698702 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56367 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 112094 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 251.00 mb


OTL by OldTimer - Version 3.2.24.2 log created on 07012011_150234

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_970.dat not found!

Registry entries deleted on Reboot...


OTL logfile created on: 7/1/2011 5:51:24 PM - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Roger\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 79.37% Memory free
4.34 Gb Paging File | 3.59 Gb Available in Paging File | 82.59% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.07 Gb Total Space | 38.35 Gb Free Space | 35.81% Space Free | Partition Type: NTFS
Drive D: | 37.23 Gb Total Space | 0.14 Gb Free Space | 0.36% Space Free | Partition Type: NTFS
Drive G: | 149.01 Gb Total Space | 101.31 Gb Free Space | 67.99% Space Free | Partition Type: FAT32

Computer Name: SIGNAL-RANGER | User Name: Roger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/01 17:50:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roger\Desktop\OTL.exe
PRC - [2011/06/27 21:32:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/18 09:52:10 | 000,404,664 | ---- | M] () -- C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/06/04 08:10:36 | 000,822,384 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/02/09 12:20:04 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/30 13:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe
PRC - [2006/12/12 10:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2006/12/12 10:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/12/12 10:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe
PRC - [2006/05/03 04:12:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/12/01 06:01:00 | 000,110,592 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
PRC - [2005/11/04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005/10/14 11:01:06 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/06/17 07:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2011/07/01 17:50:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roger\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/12/01 06:01:00 | 000,077,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\McAfee QuickClean\imhook.dll
MOD - [2005/11/08 12:30:42 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/08/22 00:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/22 00:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/09/10 08:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/18 03:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/19 08:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/12/19 08:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/12/19 08:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/12/19 08:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/12/19 08:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/12/19 08:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/13 09:18:48 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004/04/06 05:24:00 | 000,064,088 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR33X2K.sys -- (SCR33X USB Smart Card Reader)
DRV - [2004/03/25 14:18:40 | 000,011,393 | ---- | M] (Fellowes, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FeMouWDM.sys -- (FeMouWDM)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2002/11/07 05:04:00 | 000,181,875 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR131C.sys -- (SCR131C)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=CDxdm080YYus&ptb=B58C54AE-03CE-4DB5-8BC4-B52E5AB2E129
IE - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm080YYus&ptb=B58C54AE-03CE-4DB5-8BC4-B52E5AB2E129&ind=2011042815&ptnrS=CDxdm080YYus&si=4107&n=77de13ff&psa=&st=kwd&searchfor="


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/06 16:21:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 13:33:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 21:32:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 07:03:29 | 000,000,000 | ---D | M]

[2009/10/28 20:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roger\Application Data\Mozilla\Extensions
[2009/10/28 20:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roger\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/30 19:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\jblhxhke.default\extensions
[2010/07/25 12:35:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\jblhxhke.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/04 12:39:09 | 000,000,000 | ---D | M] ("DoD Configuration") -- C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\jblhxhke.default\extensions\{d15c1608-ba3e-4aa0-aa6f-aa9337226087}
[2011/04/30 19:25:58 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\jblhxhke.default\extensions\toolbar@shopathome.com
[2011/04/28 15:46:12 | 000,009,979 | ---- | M] () -- C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\jblhxhke.default\searchplugins\CouponAlert_2p.xml
[2007/02/18 23:44:22 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\jblhxhke.default\searchplugins\siteadvisor.xml
[2011/07/01 15:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2008/12/05 08:57:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/27 21:32:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2004/08/18 12:00:00 | 000,270,336 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\DCAENTU.dll
[2004/08/18 12:00:00 | 001,294,336 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\DCARSA.dll
[2004/08/18 12:00:00 | 000,348,160 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\GuiUtils.dll
[2011/04/08 22:08:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/04/08 22:08:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2004/08/18 12:00:00 | 000,393,216 | ---- | M] (Gradkell Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npDBsignWeb.dll
[2006/01/18 13:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2004/08/18 12:00:00 | 000,122,880 | ---- | M] (Netscape Communications Corporation) -- C:\Program Files\mozilla firefox\plugins\nsldap32v30.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/11/18 20:16:08 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/06/28 14:03:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110513220038.dll (McAfee, Inc.)
O2 - BHO: (TwcToolbarBhoApp Class) - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2E5E800E-6AC0-411E-940A-369530A35E43} - No CLSID value found.
O4 - HKLM..\Run: [ApproveItForOfficeSetup] C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe (Silanis Technology Inc.)
O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] File not found
O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] File not found
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Fellowes Proxy] C:\WINDOWS\system32\r3proxy.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005..\Run: [Device Detection] C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe ()
O4 - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe (McAfee, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RealUpgradeHelper] C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [RealUpgradeHelper] C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk = C:\WINDOWS\Installer\{29EB04A2-633C-40BE-9673-12DE7360C04E}\Icon9557F1BC1.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2149006833-1343954704-1090069184-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 15:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/07/01 15:02:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/29 10:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roger\Desktop\tdsskiller
[2011/06/29 10:37:07 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Roger\Desktop\OTL.exe
[2011/06/28 14:19:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/16 11:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WildTangent Games
[2011/06/16 11:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2011/06/16 00:07:53 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/15 16:40:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Roger\Recent
[2011/06/14 12:39:32 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/10 13:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/10 13:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/10 13:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/09 20:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roger\Desktop\Do not touch
[2011/06/09 17:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 8
[2011/06/09 17:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2011/06/09 13:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/09 13:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/06/09 13:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/06/09 11:22:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/09 11:14:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/08 21:51:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/08 21:51:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/08 21:51:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/08 21:51:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/08 21:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/08 21:50:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/08 20:11:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/08 20:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roger\Application Data\Malwarebytes
[2011/06/08 20:08:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/08 20:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/08 20:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/08 20:08:18 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/08 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/04 19:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2006/06/04 15:29:56 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/06/04 15:29:56 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE

========== Files - Modified Within 30 Days ==========

[2011/07/01 17:50:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roger\Desktop\OTL.exe
[2011/07/01 17:50:09 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AB5F1A7C-D595-46EB-8A10-9E73E3A3A995}.job
[2011/07/01 17:34:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/01 16:16:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/01 15:16:49 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
[2011/07/01 15:16:31 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/01 15:16:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/01 15:14:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/01 15:14:45 | 3219,271,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/01 15:14:01 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2011/07/01 15:14:01 | 000,055,092 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2011/07/01 15:14:01 | 000,055,092 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx
[2011/07/01 15:14:01 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/07/01 15:14:01 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/07/01 01:00:13 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\vtscheduletask.job
[2011/06/28 14:03:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/24 20:16:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/23 03:03:14 | 000,446,150 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/23 03:03:14 | 000,073,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/19 21:55:14 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Roger\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/17 20:46:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/16 12:46:37 | 000,001,947 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2011/06/16 11:58:25 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\Roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2011/06/16 11:32:14 | 000,002,411 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2011/06/16 07:03:29 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/16 03:11:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/10 21:38:43 | 000,256,356 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/10 21:38:43 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/10 13:14:45 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/09 18:21:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Roger\defogger_reenable
[2011/06/09 13:59:13 | 000,717,932 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/09 11:14:59 | 000,000,397 | RHS- | M] () -- C:\boot.ini
[2011/06/04 19:36:09 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2011/06/23 12:57:47 | 3219,271,680 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/17 20:44:20 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/06/17 20:44:20 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2011/06/16 11:58:25 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2011/06/16 11:58:25 | 000,001,947 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2011/06/10 13:14:45 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/09 18:21:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Roger\defogger_reenable
[2011/06/09 13:58:53 | 000,717,932 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/09 11:21:00 | 000,002,427 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
[2011/06/09 11:21:00 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/06/09 11:21:00 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
[2011/06/09 11:21:00 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2011/06/09 11:20:51 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Plus! Photo Story 2 LE.lnk
[2011/06/09 11:20:51 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live Mail.lnk
[2011/06/09 11:20:51 | 000,001,011 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Connect.lnk
[2011/06/09 11:20:51 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/09 11:20:51 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/09 11:20:51 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/09 11:20:50 | 000,002,415 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2011/06/09 11:20:50 | 000,002,411 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2011/06/09 11:20:50 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/09 11:20:50 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/09 11:20:50 | 000,001,965 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Games, Music, & Photos.lnk
[2011/06/09 11:20:50 | 000,001,958 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Documentation & Support.lnk
[2011/06/09 11:20:50 | 000,001,927 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Introduction of Picture The Future.lnk
[2011/06/09 11:20:50 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/09 11:20:50 | 000,001,845 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk
[2011/06/09 11:20:50 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Corel Photo Album 6.lnk
[2011/06/09 11:20:50 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/09 11:20:50 | 000,001,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Mail.lnk
[2011/06/09 11:20:50 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/06/09 11:20:50 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/06/09 11:20:50 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/09 11:20:50 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImageMixer VCD2 for FinePix 2.0.lnk
[2011/06/09 11:20:50 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FinePixViewer.lnk
[2011/06/09 11:20:50 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/06/09 11:20:50 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2011/06/09 11:20:50 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/06/09 11:20:50 | 000,001,466 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2011/06/09 11:20:50 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/06/09 11:20:50 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2011/06/09 11:20:50 | 000,000,902 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Image Zone.lnk
[2011/06/09 11:20:50 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2011/06/09 11:20:50 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MyFinePix Studio 1.0.lnk
[2011/06/09 11:20:50 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/09 11:20:50 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/09 11:20:50 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/09 11:20:50 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/06/09 11:20:50 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/09 11:20:50 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eKnowledge Power Prep.lnk
[2011/06/09 11:20:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/08 21:55:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/08 21:51:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/08 21:51:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/08 21:51:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/08 21:51:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/08 21:51:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/19 19:48:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/04/19 19:20:04 | 000,000,769 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2011/04/19 19:20:01 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2011/03/31 20:10:07 | 000,171,541 | ---- | C] () -- C:\WINDOWS\hpwins27.dat.temp
[2011/03/31 20:10:07 | 000,000,385 | ---- | C] () -- C:\WINDOWS\hpwmdl27.dat.temp
[2011/03/23 20:16:28 | 000,256,356 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/23 20:16:28 | 000,256,356 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/23 20:16:28 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/23 20:16:06 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/11/06 16:16:16 | 000,023,123 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/07/25 17:36:51 | 000,171,541 | ---- | C] () -- C:\WINDOWS\hpwins27.dat
[2010/07/25 17:36:50 | 000,000,385 | ---- | C] () -- C:\WINDOWS\hpwmdl27.dat
[2010/03/16 18:21:27 | 000,045,392 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/06 22:31:30 | 000,004,733 | ---- | C] () -- C:\WINDOWS\SigPlus.ini
[2009/05/10 08:28:01 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.A211.dll
[2009/05/10 08:26:33 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a0.dll
[2009/02/07 09:54:49 | 000,000,025 | ---- | C] () -- C:\WINDOWS\testing123.dat
[2008/09/18 00:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/02/06 13:30:05 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/01/18 00:35:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\erainp32.dll
[2007/07/28 19:32:46 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2007/07/28 19:32:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2007/05/01 17:43:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/07 20:09:06 | 000,001,129 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2007/01/30 16:58:04 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/02 17:32:10 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2007/01/02 17:30:25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/01/02 17:29:14 | 000,099,736 | ---- | C] () -- C:\WINDOWS\CPEins05.dat
[2007/01/02 17:29:14 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/12/19 07:15:20 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/12/12 10:39:02 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/08/22 18:53:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/08/05 15:24:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/07/19 22:44:29 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2006/07/19 22:43:53 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2006/07/17 17:27:46 | 000,003,550 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/02 13:20:47 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Roger\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/02 13:04:50 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\dvd.bmk
[2006/07/02 12:17:45 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\PFP120JPR.{PB
[2006/07/02 12:17:45 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Roger\Application Data\PFP120JCM.{PB
[2006/07/02 12:17:43 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/02 12:17:43 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\673CEC90C8.sys
[2006/07/02 12:16:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/02 11:58:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/02 11:49:31 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2006/07/02 11:49:31 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2006/07/02 11:24:45 | 000,104,268 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/07/02 11:24:45 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/07/02 11:13:26 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Roger\Local Settings\Application Data\fusioncache.dat
[2006/06/04 16:10:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/04 16:04:02 | 000,000,400 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/04 16:00:29 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/06/04 15:58:56 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/06/04 15:54:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/06/04 15:29:56 | 000,366,255 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/06/04 15:29:56 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/06/04 15:29:56 | 000,265,066 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/06/04 15:29:56 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/06/04 15:29:56 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/06/04 15:29:56 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/06/04 15:29:56 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/06/04 15:29:56 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/06/04 15:29:56 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/06/04 15:29:56 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2006/06/04 15:29:56 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/06/04 15:29:56 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/06/04 15:29:54 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2006/06/04 15:28:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/06/04 15:28:52 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/06/04 15:28:10 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,231,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,446,150 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,073,164 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/12/10 12:38:47 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >


OTL Extras logfile created on: 7/1/2011 5:51:24 PM - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Roger\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 79.37% Memory free
4.34 Gb Paging File | 3.59 Gb Available in Paging File | 82.59% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.07 Gb Total Space | 38.35 Gb Free Space | 35.81% Space Free | Partition Type: NTFS
Drive D: | 37.23 Gb Total Space | 0.14 Gb Free Space | 0.36% Space Free | Partition Type: NTFS
Drive G: | 149.01 Gb Total Space | 101.31 Gb Free Space | 67.99% Space Free | Partition Type: FAT32

Computer Name: SIGNAL-RANGER | User Name: Roger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2149006833-1343954704-1090069184-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 17
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{29EB04A2-633C-40BE-9673-12DE7360C04E}" = ApproveIt Desktop 5.9
"{2B134F4A-6C37-48F6-944D-B709BB6DCE47}" = Forerunner Logbook
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44D21B77-D4FC-49E8-A726-CD00D5016703}" = DBsign Web Signer
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65EB09A3-993B-401E-8936-C9708CBFAB26}" = FinePixViewer YTUPL
"{664FE4DC-E38D-40A0-83F0-D80B37015CAB}" = InstallRoot 3.12
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E448242-1967-4470-A3F5-FFB62B341D8F}" = 2600
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F22ADCE-3549-49C2-BC16-07B692F57EFF}" = 2600_Help
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8B43D18F-DC74-4D44-814E-9BD3420B8E44}" = McAfee QuickClean 6.1
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{934E9442-D305-4ACF-AD87-A6C11D677CB9}" = ImageMixer VCD2 for FinePix
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9F15F5AD-AA10-46d9-B34D-AF2945DC65A6}" = 2600Trb
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = IC 445C Webcam
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.66
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.66
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22B50A0-DD4E-4E33-9971-891C328677C8}" = DellConnect
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{EBEBDE9F-78FA-4E68-820D-78CAF9DD46FF}" = SCR531 Smartcard Reader
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CobBackup8" = Cobian Backup 8
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0
"Google Updater" = Google Updater
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo & Imaging" = HP Image Zone 4.2
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SystemRequirementsLab" = System Requirements Lab
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"The Weather Channel Toolbar" = The Weather Channel Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA" = WildTangent Web Driver
"WildTangent wildgames Master Uninstall" = WildGames
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2149006833-1343954704-1090069184-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/1/2011 2:24:57 PM | Computer Name = SIGNAL-RANGER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/1/2011 2:24:57 PM | Computer Name = SIGNAL-RANGER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/1/2011 3:15:00 PM | Computer Name = SIGNAL-RANGER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/1/2011 3:15:00 PM | Computer Name = SIGNAL-RANGER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/1/2011 3:16:26 PM | Computer Name = SIGNAL-RANGER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/1/2011 3:16:26 PM | Computer Name = SIGNAL-RANGER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/1/2011 5:09:00 PM | Computer Name = SIGNAL-RANGER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/1/2011 5:09:00 PM | Computer Name = SIGNAL-RANGER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/1/2011 5:12:26 PM | Computer Name = SIGNAL-RANGER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/1/2011 5:12:26 PM | Computer Name = SIGNAL-RANGER | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 7/1/2011 3:02:39 PM | Computer Name = SIGNAL-RANGER | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 7/1/2011 3:02:39 PM | Computer Name = SIGNAL-RANGER | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).

Error - 7/1/2011 3:02:45 PM | Computer Name = SIGNAL-RANGER | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 7/1/2011 3:02:45 PM | Computer Name = SIGNAL-RANGER | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/1/2011 3:02:45 PM | Computer Name = SIGNAL-RANGER | Source = Service Control Manager | ID = 7031
Description = The McAfee VirusScan Announcer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 7/1/2011 3:02:45 PM | Computer Name = SIGNAL-RANGER | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/1/2011 3:02:45 PM | Computer Name = SIGNAL-RANGER | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/1/2011 3:02:45 PM | Computer Name = SIGNAL-RANGER | Source = Service Control Manager | ID = 7031
Description = The McAfee Anti-Spam Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 7/1/2011 3:17:47 PM | Computer Name = SIGNAL-RANGER | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 7/1/2011 3:18:21 PM | Computer Name = SIGNAL-RANGER | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.


< End of report >


0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
patchw32.A211.dll
Submission date:
2011-07-01 18:02:42 (UTC)
Current status:
finished
Result:
0/ 42 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.07.02.00 2011.07.01 -
AntiVir 7.11.10.197 2011.07.01 -
Antiy-AVL 2.0.3.7 2011.07.01 -
Avast 4.8.1351.0 2011.07.01 -
Avast5 5.0.677.0 2011.07.01 -
AVG 10.0.0.1190 2011.07.01 -
BitDefender 7.2 2011.07.01 -
CAT-QuickHeal 11.00 2011.07.01 -
ClamAV 0.97.0.0 2011.07.01 -
Commtouch 5.3.2.6 2011.07.01 -
Comodo 9244 2011.07.01 -
DrWeb 5.0.2.03300 2011.07.01 -
eSafe 7.0.17.0 2011.06.29 -
eTrust-Vet 36.1.8420 2011.07.01 -
F-Prot 4.6.2.117 2011.06.30 -
F-Secure 9.0.16440.0 2011.07.01 -
Fortinet 4.2.257.0 2011.07.01 -
GData 22 2011.07.01 -
Ikarus T3.1.1.104.0 2011.07.01 -
Jiangmin 13.0.900 2011.07.01 -
K7AntiVirus 9.107.4863 2011.07.01 -
Kaspersky 9.0.0.837 2011.07.01 -
McAfee 5.400.0.1158 2011.07.01 -
McAfee-GW-Edition 2010.1D 2011.07.01 -
Microsoft 1.7000 2011.07.01 -
NOD32 6257 2011.07.01 -
Norman 6.07.10 2011.07.01 -
nProtect 2011-07-01.01 2011.07.01 -
Panda 10.0.3.5 2011.07.01 -
PCTools 8.0.0.5 2011.07.01 -
Prevx 3.0 2011.07.01 -
Rising 23.64.04.03 2011.07.01 -
Sophos 4.67.0 2011.07.01 -
SUPERAntiSpyware 4.40.0.1006 2011.07.01 -
Symantec 20111.1.0.186 2011.07.01 -
TheHacker 6.7.0.1.246 2011.07.01 -
TrendMicro 9.200.0.1012 2011.07.01 -
TrendMicro-HouseCall 9.200.0.1012 2011.07.01 -
VBA32 3.12.16.4 2011.07.01 -
VIPRE 9741 2011.07.01 -
ViRobot 2011.7.1.4544 2011.07.01 -
VirusBuster 14.0.105.2 2011.07.01 -
Additional information
MD5 : 41ec2f399c8f8ec7502d063b4a0f6555
SHA1 : baafe8f11186ee25a1411611716b0008364886d4
SHA256: fe61e74aee977247f56ddba1580389583c0eeb869f47b1ec174d7899baaec46e
ssdeep: 6144:1NUnGpRo+R1xy0igTsmG2XFNtm8uP+YFpM5ZWOs7aB88C7RC:1NFo+Vy0tJG2VNtmTpM5g
ugRC
File size : 215144 bytes
First seen: 2009-03-10 12:47:33
Last seen : 2011-07-01 18:02:42
TrID:
Win32 Executable MS Visual C++ (generic) (65.1%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Pocket Soft, Inc.
copyright....: © Copyright Pocket Soft, Inc., 2007. All Rights Reserved.
product......: RTPatch
description..: RTPatch Executable
original name: n/a
internal name:
file version.: 10.50
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x221CC
timedatestamp....: 0x45A695B1 (Thu Jan 11 19:53:21 2007)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x29212, 0x29400, 6.43, 6a963777c1de6565aa604d6df4524e56
.bss, 0x2B000, 0x4904, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rdata, 0x30000, 0xF9, 0x200, 3.12, d2bc4ed2fced1e5671422089cf4e4b86
.data, 0x31000, 0x3234, 0x3400, 4.31, aee6bc3a3ccd710a27812c6baec57ee2
.idata, 0x35000, 0x12DE, 0x1400, 5.28, 921b51d757fe9a9bcfbe59162129da5b
.edata, 0x37000, 0x194, 0x200, 4.38, 714a597b16d46512e1ddfbb99b1e4b76
.rsrc, 0x38000, 0x1B90, 0x1C00, 5.50, 2329c08734c413aeb6e5ee8b6cf9157c
.reloc, 0x3A000, 0x3150, 0x3200, 6.65, 8501cb880183dd912cff25e6c0b50fe3

[[ 5 import(s) ]]
USER32.dll: wsprintfA, LoadStringA, OemToCharA, TranslateMessage, PeekMessageA, DispatchMessageA, DdeDisconnect, CharToOemA, DdeUninitialize, DdeFreeStringHandle, DdeClientTransaction, DdeCreateDataHandle, DdeInitializeA, DdeConnect, DdeCreateStringHandleA, wvsprintfA
ADVAPI32.dll: RegCloseKey, RegQueryInfoKeyA, RegEnumValueA, RegEnumKeyA, RegEnumValueW, RegSetValueExW, RegEnumKeyW, RegDeleteValueA, RegDeleteValueW, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegDeleteKeyA, RegDeleteKeyW, RegEnumKeyExA, SetFileSecurityW, GetFileSecurityW, RegOpenKeyExA, RegSetValueExA, RegCreateKeyExA, RegQueryValueExA, FreeSid, RevertToSelf, AccessCheck, IsValidSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, AddAccessAllowedAce, InitializeAcl, GetLengthSid, InitializeSecurityDescriptor, AllocateAndInitializeSid, OpenProcessToken, OpenThreadToken, ImpersonateSelf
ole32.dll: CoUninitialize, CoInitialize
VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoA, GetFileVersionInfoW, GetFileVersionInfoSizeA, VerQueryValueA
KERNEL32.dll: CreateMutexA, DeleteFileA, GetProfileSectionA, VirtualAlloc, GetPrivateProfileSectionA, ReadFile, WriteFile, VirtualFree, CreateDirectoryA, GetLogicalDrives, FlushFileBuffers, DeleteFileW, GetFileType, MoveFileW, GetDriveTypeW, GetCommandLineA, GetCurrentProcessId, GetCPInfo, GetOEMCP, GetACP, GetTimeZoneInformation, GetStartupInfoA, GlobalFree, GlobalAlloc, MulDiv, GetVersion, FreeLibrary, GetDriveTypeA, GetProcAddress, LoadLibraryA, SetEndOfFile, SetFilePointer, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetFileSize, CreateFileA, GetWindowsDirectoryA, GetShortPathNameA, GetFullPathNameA, MoveFileExW, MoveFileExA, CopyFileA, GetFileAttributesA, GetModuleFileNameA, MoveFileA, SetEnvironmentVariableA, GetTempPathA, SetErrorMode, LockResource, SetFileApisToANSI, ReleaseMutex, AreFileApisANSI, WaitForSingleObject, LocalFree, GetLastError, LocalAlloc, GetCurrentProcess, GetCurrentThread, GetLocalTime, GetDiskFreeSpaceA, GetSystemDirectoryA, WideCharToMultiByte, FindNextFileW, SetStdHandle, GetProfileStringA, GetPrivateProfileStringA, GetSystemTime, FindNextFileA, SetFileAttributesA, WriteProfileStringA, WriteProfileSectionA, WritePrivateProfileStringA, WritePrivateProfileSectionA, WriteProfileStringW, WritePrivateProfileStringW, CopyFileW, GetExitCodeProcess, CreateProcessA, lstrcmpiA, CreateFileW, GetSystemInfo, GetFileAttributesW, LoadResource, FindResourceA, SetFileApisToOEM, MultiByteToWideChar, GetVolumeInformationA, FindClose, GetStdHandle, FindFirstFileW, FindFirstFileA, GetModuleHandleA, FileTimeToSystemTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, SetFileAttributesW, SetFileTime, GetCurrentDirectoryA, GetShortPathNameW, GetFullPathNameW, CreateDirectoryW, RaiseException, RtlUnwind, RemoveDirectoryW, RemoveDirectoryA, SetEnvironmentVariableW, SetCurrentDirectoryA, ExitProcess, SetCurrentDirectoryW, GetCurrentDirectoryW, GetEnvironmentStrings

[[ 12 export(s) ]]
RTPBatSvr, RTPRegSvr, RTPRenSvr, RTPatchOEMApply32@12, RTPatchOEMApply32NoCall, RTPatchOEMSetAttribGet@8, RTPatchOEMSetAttribSet@8, RTPatchOEMSetCreate@8, RTPatchOEMSetDelete@8, RTPatchOEMSetDirWalk@8, RTPatchOEMSetOpen@8, RTPatchOEMSetRename@8
ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 168960
CompanyName: Pocket Soft, Inc.
EntryPoint: 0x221cc
FileDescription: RTPatch Executable
FileFlagsMask: 0x0000
FileOS: Win32
FileSize: 210 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 10.5
FileVersionNumber: 10.50.0.0
ImageVersion: 0.0
InitializedDataSize: 39424
InternalName:
LanguageCode: English (U.S.)
LegalCopyright: © Copyright Pocket Soft, Inc., 2007. All Rights Reserved.
LinkerVersion: 2.55
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 1.0
ObjectFileType: Dynamic link library
PEType: PE32
ProductName: RTPatch
ProductVersion: 10.5
ProductVersionNumber: 10.50.0.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2007:01:11 20:53:21+01:00
UninitializedDataSize: 18944


user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
pw32a0.dll
Submission date:
2011-07-01 18:24:05 (UTC)
Current status:
finished
Result:
0/ 42 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.07.02.00 2011.07.01 -
AntiVir 7.11.10.197 2011.07.01 -
Antiy-AVL 2.0.3.7 2011.07.01 -
Avast 4.8.1351.0 2011.07.01 -
Avast5 5.0.677.0 2011.07.01 -
AVG 10.0.0.1190 2011.07.01 -
BitDefender 7.2 2011.07.01 -
CAT-QuickHeal 11.00 2011.07.01 -
ClamAV 0.97.0.0 2011.07.01 -
Commtouch 5.3.2.6 2011.07.01 -
Comodo 9244 2011.07.01 -
DrWeb 5.0.2.03300 2011.07.01 -
eSafe 7.0.17.0 2011.06.29 -
eTrust-Vet 36.1.8420 2011.07.01 -
F-Prot 4.6.2.117 2011.06.30 -
F-Secure 9.0.16440.0 2011.07.01 -
Fortinet 4.2.257.0 2011.07.01 -
GData 22 2011.07.01 -
Ikarus T3.1.1.104.0 2011.07.01 -
Jiangmin 13.0.900 2011.07.01 -
K7AntiVirus 9.107.4863 2011.07.01 -
Kaspersky 9.0.0.837 2011.07.01 -
McAfee 5.400.0.1158 2011.07.01 -
McAfee-GW-Edition 2010.1D 2011.07.01 -
Microsoft 1.7000 2011.07.01 -
NOD32 6258 2011.07.01 -
Norman 6.07.10 2011.07.01 -
nProtect 2011-07-01.01 2011.07.01 -
Panda 10.0.3.5 2011.07.01 -
PCTools 8.0.0.5 2011.07.01 -
Prevx 3.0 2011.07.01 -
Rising 23.64.04.03 2011.07.01 -
Sophos 4.67.0 2011.07.01 -
SUPERAntiSpyware 4.40.0.1006 2011.07.01 -
Symantec 20111.1.0.186 2011.07.01 -
TheHacker 6.7.0.1.246 2011.07.01 -
TrendMicro 9.200.0.1012 2011.07.01 -
TrendMicro-HouseCall 9.200.0.1012 2011.07.01 -
VBA32 3.12.16.4 2011.07.01 -
VIPRE 9742 2011.07.01 -
ViRobot 2011.7.1.4544 2011.07.01 -
VirusBuster 14.0.105.2 2011.07.01 -
Additional information
MD5 : 41ec2f399c8f8ec7502d063b4a0f6555
SHA1 : baafe8f11186ee25a1411611716b0008364886d4
SHA256: fe61e74aee977247f56ddba1580389583c0eeb869f47b1ec174d7899baaec46e


C:\Program Files\CouponAlert_2pEI\Installr\2.bin\2pEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP24\A0002690.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
G:\Cody\School\eKnowledge\SAT Power Prep\viewer.exe probably a variant of Win32/Agent.CZYQGGN trojan cleaned by deleting - quarantined

BC AdBot (Login to Remove)

 


#17 pwgib

pwgib

  • Malware Response Team
  • 2,957 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:03:09 AM

Posted 02 July 2011 - 08:26 AM

Hi SigRanger,

You haven't answered my repeated requests about how your machine is running so I assume you are no longer having any problems. :whistle:


Also, I noticed that Mcafee site adviser is not working.

None of the tools we used removed anything related to McAfee Site Advisor. It could have been affected by the malware you were infected with. I suggest you remove then reinstall the program.


You now appear to be all clean. :thumbsup:

We need to do a little house cleaning.

Step 1.

Re-enable emulation

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger might ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

The following two procedures need to be done in the order listed. If you can not do so please let me know.

Step 2.

Uninstall ComboFix

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall Note the space between the X and the /U.

Please advise if this step is missed for any reason as it performs some important functions.

Step 3.

Please open OTL
  • Double click on the Posted Image icon on your desktop.
  • Click the "Cleanup" checkbox.
  • You will be asked, "Begin Cleanup Process"
  • Select Yes
  • You will be prompted to restart your computer.
You can now uninstall any other programs we may have used and delete any logs that may have been generated.

Step 4.

Here are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of them, however, by following the rest of them you will reduce the risk of becoming re-infected.

It is critical to stay up to date with the latest upgrades to your Operating System, as this can help prevent future problems. You can find microsoft updates here.

I see you are still using Internet Explorer 7. I strongly suggest you update to at least IE8 as earlier versions have vulnerabilities that can be exploited.

I recommend that you visit the link above and either enable 'Automatic Updates' under Start | Control Panel | Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

New viruses come out every minute, so it is essential that you keep your antivirus program updated and have the latest signatures to provide you with the best possible protection from malicious software.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Make sure you use a firewall. A tutorial on understanding and using firewalls may be found here. For most users the built in Windows Firewall is sufficient. Only use one firewall at a time though.

Install Spyware Blaster and update it regularly
If you wish, the commercial version provides automatic updating.

Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
SuperAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non commercial home use but provide
a resident and do not nag if you purchase the paid versions. I personally prefer and highly recommend the licensed version of MBAM.

Please read and follow How did I get infected?, With steps so it does not happen again! as well as How to prevent Malware by Miekiemoes

If you have any questions please do not hesitate to ask.



Thanks!!
PW

#18 SigRanger

SigRanger
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 02 July 2011 - 01:22 PM

PW,

Thanks for all the help, I really do appreciate it.

Edited by SigRanger, 02 July 2011 - 01:29 PM.


#19 pwgib

pwgib

  • Malware Response Team
  • 2,957 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:03:09 AM

Posted 02 July 2011 - 05:28 PM

You are very welcome. :)


It has been a pleasure working with you. :thumbup2:

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
PW




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users