Everything posted by computernewbie

  1. All processes killed
     ========== OTL ==========
     C:\Users\x32285\AppData\Local\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904}\chrome\content folder moved successfully.
     C:\Users\x32285\AppData\Local\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904}\chrome folder moved successfully.
     C:\Users\x32285\AppData\Local\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904} folder moved successfully.
     C:\Users\x32285\AppData\Roaming\21AEFD647B86FC5B2209CFF4D06134BC folder moved successfully.
     C:\Users\x32285\AppData\Local\Dniyaduxoxu.bin moved successfully.
     C:\Users\x32285\AppData\Local\Gxuji.dat moved successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 40744899 bytes
     ->Temporary Internet Files folder emptied: 923713 bytes
     ->Java cache emptied: 54414690 bytes
     ->Flash cache emptied: 434 bytes
     User: agm
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: All Users
     User: Default
     ->Temp folder emptied: 40744899 bytes
     ->Temporary Internet Files folder emptied: 885393 bytes
     ->Java cache emptied: 54414690 bytes
     ->Flash cache emptied: 434 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Public
     User: x26571
     ->Temp folder emptied: 40744899 bytes
     ->Temporary Internet Files folder emptied: 3764252 bytes
     ->Java cache emptied: 54414690 bytes
     ->Flash cache emptied: 434 bytes
     User: x31673
     ->Temp folder emptied: 40744899 bytes
     ->Temporary Internet Files folder emptied: 42589947 bytes
     ->Java cache emptied: 54415662 bytes
     ->FireFox cache emptied: 41855442 bytes
     ->Flash cache emptied: 892 bytes
     User: x31678
     ->Temp folder emptied: 40744899 bytes
     ->Temporary Internet Files folder emptied: 925503 bytes
     ->Java cache emptied: 54414690 bytes
     ->FireFox cache emptied: 4984379 bytes
     ->Flash cache emptied: 434 bytes
     User: x32285
     ->Temp folder emptied: 40744899 bytes
     ->Temporary Internet Files folder emptied: 49922785 bytes
     ->Java cache emptied: 9573 bytes
     ->FireFox cache emptied: 55157120 bytes
     ->Google Chrome cache emptied: 189461078 bytes
     ->Flash cache emptied: 485 bytes
     User: x49656
     ->Temp folder emptied: 40744899 bytes
     ->Temporary Internet Files folder emptied: 3152677 bytes
     ->Java cache emptied: 54414690 bytes
     ->Flash cache emptied: 434 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 90440 bytes
     Session Manager Temp folder emptied: 655469 bytes
     Session Manager Tmp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 960.00 mb
     OTL by OldTimer - Version 3.2.24.1 log created on 07072011_150322
     Files\Folders moved on Reboot...
     Registry entries deleted on Reboot...
  2. OTL Extras logfile created on: 6/25/2011 8:15:12 PM - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\x32285\Desktop Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.49 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 61.66% Memory free 7.20 Gb Paging File | 5.89 Gb Available in Paging File | 81.80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149.05 Gb Total Space | 41.14 Gb Free Space | 27.60% Space Free | Partition Type: NTFS Computer Name: USMANBUX32285 | User Name: x32285 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] "PolicyVersion" = 513 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "AllowLocalPolicyMerge" = 1 "AllowLocalIPsecPolicyMerge" = 0 "EnableFirewall" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 1 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging] "LogDroppedPackets" = 1 "LogSuccessfulConnections" = 1 "LogFilePath" = %windir%\system32\logfiles\firewall\pfirewall.log -- () "LogFileSize" = 16384 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules] "CoreNet-IPv6-Out" = v2.0|Action=Block|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|Profile=Private|Profile=Public|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "CoreNet-Teredo-Out" = v2.0|Action=Block|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE| "RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE| [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile] "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 1 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "AllowLocalPolicyMerge" = 1 "AllowLocalIPsecPolicyMerge" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\GloballyOpenPorts] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging] "LogDroppedPackets" = 1 "LogSuccessfulConnections" = 1 "LogFileSize" = 16384 "LogFilePath" = %windir%\system32\logfiles\firewall\pfirewall.log -- () 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "AllowLocalPolicyMerge" = 1 "AllowLocalIPsecPolicyMerge" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\GloballyOpenPorts] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging] "LogDroppedPackets" = 1 "LogSuccessfulConnections" = 1 "LogFileSize" = 16384 "LogFilePath" = %windir%\system32\logfiles\firewall\pfirewall.log -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{032D4DA2-AF3E-4287-86BD-35818E98ADCC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{7C31534B-BEB2-4899-946C-6DD7DDEE74ED}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{A6B89433-7277-4041-B384-6344042BB414}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{D0E1AD0B-3483-4FA2-A6B8-3570E0FB912E}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{DEA0F40F-FFE2-470C-BD8F-A17502279339}" = lport=4481 | 
protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AEAE6C8-717E-4543-82DA-F84F36C87CE9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0C5590FB-5644-43EE-ABC9-D4BE915236E5}" = protocol=17 | dir=in | app=c:\windows\system32\lmabcoms.exe | "{1289F14A-48D0-4C94-AB62-BA3135F9FBD2}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{19C4BC17-E139-4826-A211-5DE323BC5D41}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{213180BA-0092-42F9-A7C4-88FBA4F9E0B5}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | "{2C81CB51-BEEC-46C7-B755-98227FCDD93C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{2D3FB102-3EB9-4988-980A-2FE17BFC7CC6}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | "{38EEB3A0-4499-40AE-B87A-A45D8C8C8159}" = protocol=6 | dir=in | app=c:\windows\system32\lmabcoms.exe | "{3F7C2924-2322-4D62-A08B-7F6A7AD5888D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{40753C2F-0C05-413E-A562-3B2B308F5C58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{40A0C555-8B23-4927-9B62-14678F275900}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "{420B7D91-6CDD-439E-BA49-1AEA8A618646}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{576920DC-E9B3-4ABC-938E-6488764A6865}" = protocol=17 | dir=in | app=c:\program files\lexmark\errorapp\lmab1err.exe | "{58FDE5A2-A2BE-4877-8E4A-1E4A2AE1F000}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{59A591C3-69DD-469D-B487-5A6A551621BD}" = 
protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{5C83E776-6FAA-4CE0-B26F-FFB35B4AEADF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{637BE7FF-3636-4A7C-8804-F81DBA339E15}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | "{73D3736B-609B-4F6E-81A1-14BA4623CC19}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "{73F83B69-2A43-4C11-9345-2F121AFDAD1E}" = dir=in | app=c:\program files\itunes\itunes.exe | "{7DE2A1FC-1BD4-4922-91F9-D7B686162850}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "{8B2C684D-81F7-4B91-9A3A-A8C33867DCE3}" = protocol=17 | dir=in | app=c:\windows\system32\lmabcoms.exe | "{8FF1D056-362B-463E-BEF1-F735C6230A84}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "{922ED7BA-20AE-4269-98C0-440BEEF04218}" = protocol=6 | dir=in | app=c:\program files\lexmark\errorapp\lmab1err.exe | "{964A9B5D-1611-435E-ABE1-D21DC11CD10B}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{9D31C976-AA2B-4067-8113-D6177502EF79}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "{A1BA38E7-D353-4384-91D8-354533B40F49}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | "{B8FA7272-FEE9-4F73-B892-16F69881076F}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{C2CB2162-8661-4DA6-B99B-F2B9AA806ACA}" = protocol=6 | dir=in | app=c:\windows\system32\lmabcoms.exe | "{CC4C1A3D-6983-43B8-AE21-AA280A88B9D0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{CD273E49-EF6B-42DF-BB1E-7E2A88510051}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | "{F335F080-8C8B-474B-BF4C-3E266CAD38E8}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | "{F688E93F-B257-4817-9DC0-FD4F09563566}" = protocol=6 | 
dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{FCFCBCD5-65FB-40A6-AE1C-2340357AFFBD}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "TCP Query User{142F4E60-FE0F-4D68-BA66-B22B4329ED6E}C:\program files\desktopalert\desktopalert.exe" = protocol=6 | dir=in | app=c:\program files\desktopalert\desktopalert.exe | "TCP Query User{189D54E4-8D34-4CDA-88D1-F3144A9F5274}C:\program files\microsoft office communicator\communicator.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe | "TCP Query User{2E24F9AB-D602-48FB-9022-058FB23A2DF9}C:\program files\vbrick\streamplayerplus\streamplayerplus.exe" = protocol=6 | dir=in | app=c:\program files\vbrick\streamplayerplus\streamplayerplus.exe | "TCP Query User{419C2DF9-C4D6-4680-9E3B-BC2547BCFB0C}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | "TCP Query User{46F5F789-7677-47EA-B7D4-DAE384FF2E8D}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | "TCP Query User{596C33C3-38D9-4891-958F-52020469B570}C:\program files\vbrick\streamplayerplus\streamplayerplus.exe" = protocol=6 | dir=in | app=c:\program files\vbrick\streamplayerplus\streamplayerplus.exe | "TCP Query User{6C25F48D-432B-4AF1-8CA8-8D94C00B4B15}C:\program files\desktopalert\desktopalert.exe" = protocol=6 | dir=in | app=c:\program files\desktopalert\desktopalert.exe | "TCP Query User{6F02195F-90DB-488C-97BA-0DC636E4A5B4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{A44DEDD5-7F9B-42BB-B390-68DAFC96C5B6}C:\program files\microsoft office communicator\communicator.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe | "TCP Query User{AF472664-3E0F-48EA-B4CC-11E4DDCDAAE1}C:\program files\desktopalert\desktopalert.exe" = protocol=6 | dir=in | 
app=c:\program files\desktopalert\desktopalert.exe | "UDP Query User{620A86A9-2FA3-4AF3-B5F7-7D2B7A70BDC0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{758F0F01-02CF-49E9-86C2-99F7DC77A8CC}C:\program files\desktopalert\desktopalert.exe" = protocol=17 | dir=in | app=c:\program files\desktopalert\desktopalert.exe | "UDP Query User{82A72DB7-CB1E-49BA-879B-259951BCE114}C:\program files\vbrick\streamplayerplus\streamplayerplus.exe" = protocol=17 | dir=in | app=c:\program files\vbrick\streamplayerplus\streamplayerplus.exe | "UDP Query User{87627146-266D-40BA-96A5-B0B80F3450A9}C:\program files\microsoft office communicator\communicator.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe | "UDP Query User{9B317246-FA0F-457F-81A9-197F8996302C}C:\program files\desktopalert\desktopalert.exe" = protocol=17 | dir=in | app=c:\program files\desktopalert\desktopalert.exe | "UDP Query User{9EA1F7EA-6C73-432A-A176-A4B93DCFDA1F}C:\program files\vbrick\streamplayerplus\streamplayerplus.exe" = protocol=17 | dir=in | app=c:\program files\vbrick\streamplayerplus\streamplayerplus.exe | "UDP Query User{B3B3EC02-29E0-4BDD-9E3A-AF0653A1A4E7}C:\program files\microsoft office communicator\communicator.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe | "UDP Query User{D702A960-06E2-4D56-BD85-244D77D7162A}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | "UDP Query User{E24C1367-22F8-46E6-9B09-4DBB9F080561}C:\program files\desktopalert\desktopalert.exe" = protocol=17 | dir=in | app=c:\program files\desktopalert\desktopalert.exe | "UDP Query User{EA2F487C-DC7E-4447-A25D-4D970386A19D}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0768D7D7-0D13-4740-9684-A42CCF095BA4}" = Tumbleweed Desktop Validator "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3 "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 23 "{29EB04A2-633C-40BE-9673-12DE7360C04E}" = ApproveIt Desktop 5.9 "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH R5U241 / R5C847 Media Driver ver.2.04.01.00 "{2F5AEC7C-8B46-4807-8DC1-0BFA072C151C}" = VBrick StreamPlayerPlus "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java SE Development Kit 6 Update 13 "{3AB4E8CB-3321-4D43-8A59-885338A6EBF9}" = STATISTICA 8.0.725.0 CS "{3ED749F6-135B-4559-8936-15FF6979F67E}" = VC8 C Runtime "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{44D21B77-D4FC-49E8-A726-CD00D5016703}" = DBsign Web Signer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers "{52468FB8-50D0-41F9-AFC7-6BD0DA224A6B}" = SMS Client Setup Bootstrap "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0 "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{6D9EB40B-26F9-450F-8FDD-A54B39FF6071}" = Mozilla Firefox (en-US) "{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7396F7C8-EDD8-4473-BF6A-2CE4996716E1}" = JavaFX 1.1 SDK "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes "{81860953-8A77-4ED5-B57C-F35D703D9489}" = Dell ControlVault Host Components Installer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C363CB9-9F31-4349-8491-762C42D3FDFB}" = CambridgeSoft Desktop Inventory 12.0 "{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2 "{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft 
Office system 2007 (972581) "{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English) "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007 "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" 
= Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A1E1083D-249D-483C-AD92-CDCFA230A4C7}" = STATISTICA CambridgeSoft Integration "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient CAC 6.1 x86 "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1) "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework "{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05) "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B639A4DE-A375-47D3-89C3-DDCF98D992F7}" = McAfee Agent "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{BE5AD430-9E0C-4243-AB3F-593835869855}" = Microsoft Office Communicator 2005 "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup "{CB69F592-2101-4CF4-88D1-825CC4FB0979}" = RAPTOR "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D06EF6C2-62D8-4308-897E-B20FE81712B4}" 
= CambridgeSoft ChemBioOffice Ultra 2010 "{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium "{DCC90D9D-4F8D-4A06-9050-ADDB284FF9FA}" = Adobe Flash Player 10 ActiveX "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5 "{E145D9BE-D521-4527-A85D-2B2D47725506}" = CambridgeSoft ChemScript 12.0 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client "{ECE4289B-68C8-4D30-9C65-84CC2052CCFF}" = CambridgeSoft BioAssay 12.0 "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3 "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.0.1 "{F972403C-BFE4-49EB-82B8-10D0FDBD1BB1}" = VirtualDJ Home FREE "{FB9607C0-17B8-42B8-BB99-A1C9F7038363}" = Wolfram Notebook Indexer 2.0 "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. 
PBADRV System (01/07/2008 1.0.1.5) "AC3Filter_is1" = AC3Filter 1.63b "Adobe Audition 3.0" = Adobe Audition 3.0 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AIM_7" = AIM 7 "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1 "ENTERPRISE" = Microsoft Office Enterprise 2007 "GOM Player" = GOM Player "Guitar Pro 5_is1" = Guitar Pro 5.2 "HTMLKit_is1" = HTML-Kit "Juniper Odyssey Access Client" = Juniper Odyssey Access Client 5.1 "KEY 5.1" = KEY 5.1 "Lexmark_HostCD" = Lexmark Software Uninstall "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MestReNova LITE" = MestReNova LITE 5.2.5-4731 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "M-WIN-P 7.0.1 1213966_is1" = Wolfram Mathematica 7 (M-WIN-P 7.0.1 1213966) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Plants vs. Zombies" = Plants vs. 
Zombies "PROSet" = Intel® Network Connections Drivers "RealPlayer 12.0" = RealPlayer "SoftwareUpdUtility" = Download Updater (AOL LLC) "StarCraft II" = StarCraft II "STATNOVAPDF_is1" = STATNOVAPDF (novaPDF Professional Server 5.4 printer) "Steam App 240" = Counter-Strike: Source "Steam App 550" = Left 4 Dead 2 "USMA Desktop Alert System" = USMA Desktop Alert System 2.1.1.1 "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VISPRO" = Microsoft Office Visio Professional 2007 "VLC media player" = VLC media player 1.1.7 "XWeb" = Microsoft Expression Web 2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "IT105 Editor" = IT105 Editor ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/17/2011 12:12:55 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1010 Description = Error - 4/17/2011 12:12:55 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1008 Description = Error - 4/19/2011 10:56:16 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1008 Description = Error - 4/19/2011 10:56:16 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1010 Description = Error - 4/19/2011 10:56:17 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1008 Description = Error - 4/20/2011 6:05:17 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Windows Search Service | ID = 3024 Description = Error - 4/20/2011 6:14:32 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Windows Search Service | ID = 3024 Description = Error - 4/21/2011 6:48:10 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1008 Description = Error - 4/21/2011 6:48:10 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1010 Description = Error - 4/21/2011 
6:48:11 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1008 Description = [ OSession Events ] Error - 5/16/2011 9:11:45 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 5106 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 10/8/2010 8:42:18 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = DCOM | ID = 10016 Description = Error - 10/8/2010 8:42:34 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Application Management Group Policy | ID = 103 Description = The removal of the assignment of application ERACENT8 from policy DEAN-SOFTWARE-ERACENT8 failed. The error was : %2 Error - 10/8/2010 8:42:39 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Application Management Group Policy | ID = 103 Description = The removal of the assignment of application ERACENT8 from policy DEAN-SOFTWARE-ERACENT8 failed. The error was : %2 Error - 10/8/2010 9:18:29 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = PlugPlayManager | ID = 12 Description = The device 'TSSTcorp DVD+-RW TS-U633F' (IDE\CdRomTSSTcorp_DVD+-RW_TS-U633F_______________D200____\4&a35d0c1&0&0.1.0) disappeared from the system without first being prepared for removal. Error - 10/8/2010 9:42:53 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = PlugPlayManager | ID = 12 Description = The device 'TSSTcorp DVD+-RW TS-U633F' (IDE\CdRomTSSTcorp_DVD+-RW_TS-U633F_______________D200____\4&a35d0c1&0&0.1.0) disappeared from the system without first being prepared for removal. 
Error - 10/8/2010 9:50:50 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error - 10/8/2010 10:03:50 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = PlugPlayManager | ID = 12 Description = The device 'TSSTcorp DVD+-RW TS-U633F' (IDE\CdRomTSSTcorp_DVD+-RW_TS-U633F_______________D200____\4&a35d0c1&0&0.1.0) disappeared from the system without first being prepared for removal. Error - 10/8/2010 10:14:45 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Application Management Group Policy | ID = 103 Description = The removal of the assignment of application ERACENT8 from policy DEAN-SOFTWARE-ERACENT8 failed. The error was : %2 Error - 10/8/2010 10:26:06 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = PlugPlayManager | ID = 12 Description = The device 'TSSTcorp DVD+-RW TS-U633F' (IDE\CdRomTSSTcorp_DVD+-RW_TS-U633F_______________D200____\4&a35d0c1&0&0.1.0) disappeared from the system without first being prepared for removal. Error - 10/8/2010 11:52:53 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = DCOM | ID = 10016 Description = [ Tumbleweed Events ] Error - 6/22/2011 6:50:32 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1 Description = Certificate Revocation Status Calling Application: mctray.exe Certificate Name: /C=US/ST=California/L=Santa Clara/O=McAfee, Inc./OU=Digital ID Class 3 - Microsoft Software Validation v2/OU=IIS/CN=McAfee, Inc. 
Certificate Issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa ©04/CN=VeriSign Class 3 Code Signing 2004 CA Certificate Serial Number: 564A361E168A81A8F3EFAADA332508E1 Revocation Status: Unable to verify Validation Protocol: CRL Validation Url: http://CSC3-2004-crl.verisign.com/CSC3-2004.crl Error: Communication error - unable to connect Error - 6/22/2011 6:50:36 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1 Description = Certificate Revocation Status Calling Application: mctray.exe Certificate Name: /C=US/ST=California/L=Santa Clara/O=McAfee, Inc./OU=Digital ID Class 3 - Microsoft Software Validation v2/OU=IIS/CN=McAfee, Inc. Certificate Issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa ©04/CN=VeriSign Class 3 Code Signing 2004 CA Certificate Serial Number: 354D1AC920ADBF81F21B7CB77AE98480 Revocation Status: Unable to verify Validation Protocol: CRL Validation Url: http://CSC3-2004-crl.verisign.com/CSC3-2004.crl Error: Communication error - unable to connect Error - 6/23/2011 9:14:45 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1 Description = Certificate Revocation Status Calling Application: mctray.exe Certificate Name: /C=US/ST=California/L=Santa Clara/O=McAfee, Inc./OU=Digital ID Class 3 - Microsoft Software Validation v2/OU=IIS/CN=McAfee, Inc. 
Certificate Issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa ©04/CN=VeriSign Class 3 Code Signing 2004 CA Certificate Serial Number: 564A361E168A81A8F3EFAADA332508E1 Revocation Status: Unable to verify Validation Protocol: CRL Validation Url: http://CSC3-2004-crl.verisign.com/CSC3-2004.crl Error: Communication error - unable to connect Error - 6/23/2011 9:14:50 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1 Description = Certificate Revocation Status Calling Application: mctray.exe Certificate Name: /C=US/ST=California/L=Santa Clara/O=McAfee, Inc./OU=Digital ID Class 3 - Microsoft Software Validation v2/OU=IIS/CN=McAfee, Inc. Certificate Issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa ©04/CN=VeriSign Class 3 Code Signing 2004 CA Certificate Serial Number: 354D1AC920ADBF81F21B7CB77AE98480 Revocation Status: Unable to verify Validation Protocol: CRL Validation Url: http://CSC3-2004-crl.verisign.com/CSC3-2004.crl Error: Communication error - unable to connect Error - 6/25/2011 4:43:25 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1 Description = Certificate Revocation Status Calling Application: pctssvc.exe Certificate Name: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa ©09/CN=VeriSign Class 3 Code Signing 2009 CA Certificate Issuer: /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=© 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network Certificate Serial Number: 2EAEB6828663FED97555F8FE24F33B1A Revocation Status: Unable to verify Error: Issuer and user certificate akid mismatch. 
Error - 6/25/2011 4:54:53 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1 Description = Certificate Revocation Status Calling Application: pctssvc.exe Certificate Name: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa ©09/CN=VeriSign Class 3 Code Signing 2009 CA Certificate Issuer: /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=© 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network Certificate Serial Number: 2EAEB6828663FED97555F8FE24F33B1A Revocation Status: Unable to verify Error: Issuer and user certificate akid mismatch. Error - 6/25/2011 5:00:04 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1 Description = Certificate Revocation Status Calling Application: pctssvc.exe Certificate Name: /C=US/O=Thawte, Inc./CN=Thawte Code Signing CA - G2 Certificate Issuer: /C=US/O=thawte, Inc./OU=Certification Services Division/OU=© 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA Certificate Serial Number: 47974D7873A5BCAB0D2FB370192FCE5E Revocation Status: Unable to verify Validation Protocol: CRL Validation Url: http://crl.thawte.com/ThawtePCA.crl Error: Communication error - unable to connect Error - 6/25/2011 5:00:04 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1 Description = Certificate Revocation Status Calling Application: pctssvc.exe Certificate Name: /C=US/O=Thawte, Inc./CN=Thawte Code Signing CA - G2 Certificate Issuer: /C=US/O=thawte, Inc./OU=Certification Services Division/OU=© 2006 thawte, Inc. 
- For authorized use only/CN=thawte Primary Root CA Certificate Serial Number: 47974D7873A5BCAB0D2FB370192FCE5E Revocation Status: Unable to verify Validation Protocol: CRL Validation Url: C:\Program Files\Tumbleweed\Desktop Validator\crls\7B5B45CFAFCECB7AFD31921A6AB6F346EB5748500DD9EAE3ADDB804D2BEF610A47FDFCE0D7C70122\latest.crl Revocation information expired Error - 6/25/2011 5:00:04 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1 Description = Certificate Revocation Status Calling Application: pctssvc.exe Certificate Name: /C=US/ST=California/L=Mountain View/O=Mozilla Corporation/OU=Release Engineering/CN=Mozilla Corporation Certificate Issuer: /C=US/O=Thawte, Inc./CN=Thawte Code Signing CA - G2 Certificate Serial Number: 36E4119288CB154660F7674908EA6B87 Revocation Status: Unable to verify Validation Protocol: CRL Validation Url: http://cs-g2-crl.thawte.com/ThawteCSG2.crl Error: Communication error - unable to connect Error - 6/25/2011 5:00:04 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1 Description = Certificate Revocation Status Calling Application: pctssvc.exe Certificate Name: /C=US/ST=California/L=Mountain View/O=Mozilla Corporation/OU=Release Engineering/CN=Mozilla Corporation Certificate Issuer: /C=US/O=Thawte, Inc./CN=Thawte Code Signing CA - G2 Certificate Serial Number: 36E4119288CB154660F7674908EA6B87 Revocation Status: Unable to verify Validation Protocol: CRL Validation Url: C:\Program Files\Tumbleweed\Desktop Validator\crls\D40D653F7ABD34C6FE47E74C0DC0BDF2DE15AB71705654B6592D8793A3CF7583F13498AC94EDD449\latest.crl Revocation information expired < End of report >
  3. This is the OTL.txt file OTL logfile created on: 7/5/2011 7:49:00 PM - Run 2 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\x32285\Desktop Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.49 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 65.02% Memory free 7.16 Gb Paging File | 6.01 Gb Available in Paging File | 83.99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149.05 Gb Total Space | 47.79 Gb Free Space | 32.06% Space Free | Partition Type: NTFS Computer Name: USMANBUX32285 | User Name: x32285 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\x32285\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) PRC - C:\Program Files\AIM\aim.exe (AOL Inc.) PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.) PRC - c:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.) PRC - C:\Program Files\Juniper Networks\Odyssey Access Client\odTray.exe (Juniper Networks, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) 
PRC - C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE ( ) PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) PRC - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity) PRC - C:\Program Files\DesktopAlert\DesktopAlert.exe (DesktopAlert, Inc.) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Tumbleweed\Desktop Validator\DVTrayApp.exe (Tumbleweed Communications Inc.) PRC - C:\Program Files\MagicTune Premium\GammaTray.exe () ========== Modules (SafeList) ========== MOD - C:\Users\x32285\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll (Broadcom Corporation.) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe () SRV - (McAfeeFramework) -- c:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) SRV - (CcmExec) -- C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation) SRV - (smstsmgr) -- C:\Windows\System32\CCM\TSManager.exe (Microsoft Corporation) SRV - (odClientService) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe (Juniper Networks, Inc.) 
SRV - (EacService) -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe (Juniper Networks) SRV - (JuniperAccessService) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Juniper Networks) SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation) SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) SRV - (McShield) -- c:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.) SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.) SRV - (McTaskManager) -- c:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.) SRV - (McAfeeEngineService) -- c:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\stacsv.exe (IDT, Inc.) SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\AEstSrv.exe (Andrea Electronics Corporation) SRV - (lmab_device) -- C:\Windows\System32\LMabcoms.exe ( ) SRV - (accoca) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MagicTuneEngine) -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe () SRV - (Tumbleweed Desktop Validator) -- C:\Program Files\Tumbleweed\Desktop Validator\DVService.exe (Tumbleweed Communications Inc.) ========== Driver Services (SafeList) ========== DRV - (prepdrvr) -- C:\Windows\System32\CCM\PrepDrv.sys (Microsoft Corporation) DRV - (odFips2) -- C:\Windows\system32\drivers\odFips2.sys (Juniper Networks, Inc.) 
DRV - (odFips) -- C:\Windows\system32\drivers\odFips.sys (Juniper Networks, Inc.) DRV - (SCRx31 USB Reader) -- C:\Windows\System32\drivers\stc2.sys (SCM Microsystems Inc.) DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation) DRV - (CCIDFILTER) -- C:\Windows\System32\drivers\ccidflt.sys (Broadcom Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (jnprna) -- C:\Windows\System32\drivers\jnprna.sys (Juniper Networks, Inc.) DRV - (JnprVaMgr) -- C:\Windows\System32\drivers\jnprvamgr.sys (Juniper Networks, Inc.) DRV - (jnprva) -- C:\Windows\System32\drivers\jnprva.sys (Juniper Networks, Inc.) DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation) DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (PBADRV) -- C:\Windows\system32\DRIVERS\PBADRV.sys (Dell Inc) DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) 
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usma.edu IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.usma.edu IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 134.240.241.240:8080 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://cis.usma.edu IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://cis.usma.edu IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = drenproxy.usma.army.mil:8080 ========== FireFox ========== FF - 
prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16 FF - prefs.js..network.proxy.ftp: "drenproxy.usma.army.mil" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "drenproxy.usma.army.mil" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "drenproxy.usma.army.mil" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "drenproxy.usma.army.mil" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "drenproxy.usma.army.mil" FF - prefs.js..network.proxy.ssl_port: 8080 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/30 14:19:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904}: C:\Users\x32285\AppData\Local\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904} [2011/06/23 23:51:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/18 10:12:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 17:20:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1.1\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2011/05/18 10:12:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1.1\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2011/05/19 17:20:00 | 000,000,000 | ---D 
| M] [2010/04/26 13:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x32285\AppData\Roaming\mozilla\Extensions [2010/04/26 13:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x32285\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/06/23 23:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x32285\AppData\Roaming\mozilla\Firefox\Profiles\p7bjk42v.default\extensions [2010/08/09 23:29:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\x32285\AppData\Roaming\mozilla\Firefox\Profiles\p7bjk42v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/05/18 10:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/05/18 10:12:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011/05/18 10:12:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\en-US\locale\en-US\mozapps\extensions [2011/05/18 10:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\content\mozapps\extensions [2011/05/18 10:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\skin\classic\aero\mozapps\extensions [2011/05/18 10:12:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\skin\classic\mozapps\extensions File not found (No name found) -- [2011/06/23 23:51:51 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\X32285\APPDATA\LOCAL\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904} [2011/05/12 01:25:08 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009/07/07 17:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll [2009/07/07 17:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll [2011/01/30 11:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2010/12/22 03:24:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2010/12/22 03:24:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2010/12/22 03:24:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2010/12/22 03:24:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2010/12/22 03:24:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2010/12/22 03:24:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2010/12/22 03:24:48 | 000,159,744 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2011/05/12 01:25:08 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2011/05/12 01:25:08 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2011/05/12 01:25:08 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2011/05/12 01:25:08 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2011/05/12 01:25:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2011/05/12 01:25:08 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2011/06/24 00:17:50 | 000,435,303 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 14982 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] File not found O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] File not found O4 - HKLM..\Run: [DesktopAlert] C:\Program Files\DesktopAlert\DesktopAlert.exe (DesktopAlert, Inc.) O4 - HKLM..\Run: [DVTrayApp] C:\Program Files\Tumbleweed\Desktop Validator\DVTrayApp.exe (Tumbleweed Communications Inc.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge™ Solutions Inc.) O4 - HKLM..\Run: [McAfeeUpdaterUI] c:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [OdTray.exe] C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe (Juniper Networks, Inc.) 
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [shStatEXE] c:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TkBellExe] File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.) O4 - HKCU..\Run: [Google Update] C:\Users\x32285\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE ( ) O4 - Startup: C:\Users\x32285\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PreXPSP2ShellProtocolBehavior = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = UNITED STATES DEPARTMENT OF DEFENSE WARNING STATEMENT O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = [string data over 1000 bytes] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ReportControllerMissing = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - 
NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft 
Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: acom.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: af.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: afms.mil ([]* in Trusted 
sites) O15 - HKLM\..Trusted Domains: africom.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: anthrax.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: arl.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([akocac.us] https in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([akoim.us] http in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([akoim.us] https in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([armyweb.us] https in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([mes1.dr1.us] http in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([mes1.ps1.us] http in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([mes2.dr1.us] http in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([mes2.ps1.us] http in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([mes3.dr1.us] http in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([mes3.ps1.us] http in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([mes4.dr1.us] http in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([mes4.ps1.us] http in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([mes5.dr1.us] http in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([mes5.ps1.us] http in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([mes6.dr1.us] http in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([mes6.ps1.us] http in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([webmail.us] https in Trusted sites) O15 - HKLM\..Trusted Domains: army.mil ([www.us] https in Trusted sites) O15 - HKLM\..Trusted Domains: arpa.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: asbca.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: assist.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: BTA.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: CAC.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: centcom.mil ([]* in 
Trusted sites) O15 - HKLM\..Trusted Domains: cert.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: daps.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: darpa.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dau.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dc3.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dcaa.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dcma.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: deca.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: defendamerica.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: defenselink.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: deploymenthealth.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dfas.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dia.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: disa.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: disa.mil ([miap.csd] https in Trusted sites) O15 - HKLM\..Trusted Domains: disagrid.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dla.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dmso.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dod.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: doded.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dsm.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dss.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dtepi.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dtic.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: dtra.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: eb.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: eb.mil ([wawf] * in Trusted sites) O15 - HKLM\..Trusted Domains: eucom.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: hpc.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: ia.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: jast.mil ([]* in Trusted sites) O15 - HKLM\..Trusted 
Domains: jcmotf.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: jcs.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: jcse.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: jfcom.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: jointmodels.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: js.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: jsc.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: jsf.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: jsims.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: jtfgno.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: jwac.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: knowledgenet.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: korea50.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: mnf-iraq.com ([]http in Trusted sites) O15 - HKLM\..Trusted Domains: mnf-iraq.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: navy.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: ncsc.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: newhorizons.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: nga.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: nic.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: nima.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: nipr.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: norad.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: noradnorthcom.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: northcom.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: nosc.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: nro.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: osd.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: pacom.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: pcstravel.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: pdhealth.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: 
pentagon.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: skillport.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: skillsoft.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: soc.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: socds.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: socom.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: southcom.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: spacecom.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: stratcom.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: test.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: transcom.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: ttsc.net ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: usbank.com ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: usBANK.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: uscg.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: usma.edu ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: usma.edu ([kmdev] https in Local intranet) O15 - HKLM\..Trusted Domains: usma.edu ([kmstaging] https in Local intranet) O15 - HKLM\..Trusted Domains: usma.edu ([mysites] https in Local intranet) O15 - HKLM\..Trusted Domains: usma.edu ([portal] https in Local intranet) O15 - HKLM\..Trusted Domains: usma.edu ([teamsites] https in Local intranet) O15 - HKLM\..Trusted Domains: usmc.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: usuhs.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: westpoint.edu ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: westpoint.edu ([kmdev] https in Local intranet) O15 - HKLM\..Trusted Domains: westpoint.edu ([kmstaging] https in Local intranet) O15 - HKLM\..Trusted Domains: westpoint.edu ([mysites] https in Local intranet) O15 - HKLM\..Trusted Domains: westpoint.edu ([portal] https in Local intranet) O15 - HKLM\..Trusted Domains: westpoint.edu ([teamsites] https in Local intranet) O15 - HKLM\..Trusted Domains: 
whmo.mil ([]* in Trusted sites) O15 - HKLM\..Trusted Domains: whs.mil ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: army.mil ([www.us] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = usma.ds.army.edu O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - 
C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll 
(Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\x32285\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp O24 - Desktop BackupWallPaper: C:\Users\x32285\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - 
C:\Windows\System32\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk /p \??\E:) - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/06/25 20:14:57 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\x32285\Desktop\OTL.exe [2011/06/25 17:12:58 | 000,000,000 | ---D | C] -- C:\Users\x32285\AppData\Roaming\Malwarebytes [2011/06/25 17:11:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/06/25 17:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/06/25 17:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/06/25 17:11:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/06/25 17:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/06/25 17:09:30 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\x32285\Desktop\mbam-setup.exe [2011/06/25 16:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor [2011/06/25 16:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2011/06/25 16:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011/06/24 00:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011/06/24 00:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011/06/23 23:51:51 | 000,000,000 | ---D | C] -- C:\Users\x32285\AppData\Local\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904} [2011/06/23 23:50:26 
| 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2011/06/23 23:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage [2011/06/23 23:50:13 | 000,000,000 | ---D | C] -- C:\Users\x32285\AppData\Roaming\21AEFD647B86FC5B2209CFF4D06134BC [2011/06/23 23:50:07 | 000,000,000 | ---D | C] -- C:\Quarantine [2011/06/12 15:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011/06/12 15:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/06/12 15:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011/06/12 14:38:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011/06/12 14:38:18 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011/06/12 14:38:18 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2010/04/26 13:14:34 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll [2010/04/26 13:11:14 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lmabpmui.dll [2010/04/26 13:11:13 | 001,044,480 | ---- | C] ( ) -- C:\Windows\System32\lmabserv.dll [2010/04/26 13:11:13 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lmabusb1.dll [2010/04/26 13:11:13 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lmabiesc.dll [2010/04/26 13:11:12 | 000,864,256 | ---- | C] ( ) -- C:\Windows\System32\lmabip1.dll [2010/04/26 13:11:12 | 000,573,440 | ---- | C] ( ) -- C:\Windows\System32\lmablmpm.dll [2010/04/26 13:11:12 | 000,487,424 | ---- | C] ( ) -- C:\Windows\System32\lmabpar1.dll [2010/04/26 13:11:12 | 000,458,752 | ---- | C] ( ) -- C:\Windows\System32\lmabiobj.dll [2010/04/26 13:11:12 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lmabinpa.dll [2010/04/26 13:11:11 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\lmabhcp.dll [2010/04/26 13:11:10 | 000,819,200 | ---- | C] ( ) -- C:\Windows\System32\lmabcomc.dll [2010/04/26 13:11:10 | 000,590,504 | ---- | C] ( ) -- 
C:\Windows\System32\lmabcoms.exe [2010/04/26 13:11:10 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lmabcomm.dll ========== Files - Modified Within 30 Days ========== [2011/07/05 19:55:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/07/05 19:55:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/07/05 19:47:13 | 000,000,459 | ---- | M] () -- C:\Windows\SMSCFG.ini [2011/07/05 19:46:08 | 000,679,033 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011/07/05 19:46:08 | 000,679,033 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011/07/05 19:46:01 | 000,002,563 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk [2011/07/05 19:45:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/07/05 19:44:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/07/05 19:44:31 | 3745,411,072 | -HS- | M] () -- C:\hiberfil.sys [2011/06/27 00:07:55 | 000,135,168 | ---- | M] () -- C:\Users\x32285\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/26 23:19:12 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/26 23:19:11 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-651377827-839522115-98182UA.job [2011/06/26 23:13:51 | 000,680,274 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/06/26 23:13:51 | 000,128,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/06/25 20:15:00 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\x32285\Desktop\OTL.exe [2011/06/25 19:17:29 | 001,007,120 | ---- | M] () -- C:\Users\x32285\Desktop\iExplore.exe [2011/06/25 17:11:18 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/06/25 17:09:32 | 007,734,240 | ---- | M] (Malwarebytes 
Corporation ) -- C:\Users\x32285\Desktop\mbam-setup.exe [2011/06/25 16:49:03 | 002,114,986 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011/06/25 16:28:33 | 000,000,000 | ---- | M] () -- C:\Users\x32285\AppData\Local\Dniyaduxoxu.bin [2011/06/24 01:16:27 | 000,000,545 | ---- | M] () -- C:\Windows\wininit.ini [2011/06/24 00:43:41 | 000,001,356 | ---- | M] () -- C:\Users\x32285\AppData\Local\d3d9caps.dat [2011/06/24 00:17:50 | 000,435,303 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011/06/23 23:51:52 | 000,000,120 | ---- | M] () -- C:\Users\x32285\AppData\Local\Gxuji.dat [2011/06/15 15:05:18 | 000,005,317 | ---- | M] () -- C:\Users\x32285\Desktop\john orders.pdf [2011/06/15 15:01:37 | 000,002,054 | ---- | M] () -- C:\Users\x32285\Desktop\Google Chrome.lnk [2011/06/15 15:01:37 | 000,002,016 | ---- | M] () -- C:\Users\x32285\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/06/12 21:12:52 | 000,005,610 | ---- | M] () -- C:\Users\x32285\Desktop\DTS Orders.pdf [2011/06/12 15:07:05 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011/06/12 14:49:58 | 000,155,584 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011/06/12 14:19:03 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-651377827-839522115-98182Core.job ========== Files Created - No Company Name ========== [2011/06/25 19:17:26 | 001,007,120 | ---- | C] () -- C:\Users\x32285\Desktop\iExplore.exe [2011/06/25 17:11:18 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/06/25 16:45:49 | 002,114,986 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2011/06/25 15:16:56 | 3745,411,072 | -HS- | C] () -- C:\hiberfil.sys [2011/06/24 01:16:27 | 000,000,545 | ---- | C] () -- C:\Windows\wininit.ini [2011/06/23 23:51:52 | 000,000,120 | ---- | C] () -- C:\Users\x32285\AppData\Local\Gxuji.dat [2011/06/23 23:51:52 | 000,000,000 | ---- | C] () -- 
C:\Users\x32285\AppData\Local\Dniyaduxoxu.bin
[2011/06/15 15:05:18 | 000,005,317 | ---- | C] () -- C:\Users\x32285\Desktop\john orders.pdf
[2011/06/12 21:12:52 | 000,005,610 | ---- | C] () -- C:\Users\x32285\Desktop\DTS Orders.pdf
[2011/06/12 15:07:05 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/03 17:03:26 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2011/02/28 12:23:26 | 000,004,096 | -H-- | C] () -- C:\Users\x32285\AppData\Local\keyfile3.drm
[2010/08/09 10:37:38 | 000,000,459 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2010/05/27 19:46:22 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/04/29 17:50:30 | 000,135,168 | ---- | C] () -- C:\Users\x32285\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/26 13:15:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/26 13:12:29 | 000,540,672 | ---- | C] () -- C:\Windows\System32\softcoin.dll
[2010/04/26 13:12:29 | 000,360,448 | ---- | C] () -- C:\Windows\System32\gencoin.dll
[2010/04/23 13:20:26 | 000,001,356 | ---- | C] () -- C:\Users\x32285\AppData\Local\d3d9caps.dat
[2009/09/28 14:14:37 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/28 11:48:05 | 000,679,033 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/09/28 11:48:05 | 000,679,033 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/28 11:30:25 | 000,279,888 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2009/09/28 11:20:14 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2009/08/11 22:15:52 | 000,000,064 | ---- | C] () -- C:\Windows\System32\drivers\odFIPS2.sys.icv
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/30 10:10:22 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/30 10:10:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/30 10:09:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/06 14:51:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/06 14:27:51 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/05/06 13:42:47 | 000,004,733 | ---- | C] () -- C:\Windows\SigPlus.ini
[2008/07/12 01:39:21 | 000,155,584 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/03/28 17:46:36 | 000,114,688 | ---- | C] () -- C:\Windows\System32\aicext.dll
[2008/01/20 22:25:00 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/01/18 00:35:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\erainp32.dll
[2006/11/02 08:56:56 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:52 | 000,465,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,680,274 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,128,498 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/07/18 16:51:16 | 005,304,320 | ---- | C] () -- C:\Windows\System32\digiSealApi.dll
[2006/06/30 12:58:44 | 000,176,128 | R--- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2006/06/30 12:58:44 | 000,126,976 | R--- | C] () -- C:\Windows\System32\bioapi100.dll

========== LOP Check ==========

[2011/04/27 13:42:00 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\.minecraft
[2011/06/26 23:42:30 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\21AEFD647B86FC5B2209CFF4D06134BC
[2010/04/26 13:29:51 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\acccore
[2010/11/28 21:32:33 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\Auslogics
[2011/06/13 08:11:10 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\DesktopAlert
[2009/09/28 08:43:18 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\DesktopAlert, Inc
[2009/09/28 13:57:20 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\Funk Software
[2009/09/28 13:48:52 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\Juniper Networks
[2009/09/28 08:43:43 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\PureEdge
[2010/11/14 02:34:14 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\Research In Motion
[2011/06/27 00:08:35 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
  4. Hi, I recently got Antimalware Doctor on my computer and removed it using Malwarebytes. If I look in Add/Remove, Antimalware Doctor isn't there, and I looked up other sites talking about looking into the registry and I couldn't find them there either. This was after I scanned and removed using Malwarebytes. However, antimalwarebytes still pops up with its annoying messages that I have a virus and I don't know how I can remove it anymore. Help would be much appreciated. Thank you! JJ