sorry about all that. found an older version on here. so got rid of it now. now, that i'm on the same page - is it possible to get rid of any traces of anything else run on here w/ out feeling like an idiot?
Here's the logs requested.
OTL logfile created on: 1/14/2011 12:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
767.00 Mb Total Physical Memory | 607.00 Mb Available Physical Memory | 79.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 21.72 Gb Free Space | 58.27% Space Free | Partition Type: NTFS
Drive E: | 19.13 Gb Total Space | 16.09 Gb Free Space | 84.11% Space Free | Partition Type: FAT32
Computer Name: ACCOUNTING1 | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/01/14 12:49:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
PRC - [2008/04/13 15:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2011/01/14 12:49:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
MOD - [2010/08/23 07:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/12/06 08:15:34 | 002,849,784 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2007/07/20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/07/20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/07/20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/01/06 10:07:26 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)
SRV - [2003/03/09 11:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2000/12/07 15:51:56 | 000,051,200 | -H-- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\PackethSvc.exe -- (PackethSvc)
========== Driver Services (SafeList) ==========
DRV - [2010/09/19 07:57:36 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/09/10 23:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/09/10 23:40:48 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/09/05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/05/05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2008/04/13 09:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 09:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/07/20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/07/18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/07/18 15:44:00 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/18 15:39:15 | 001,278,104 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/07/18 15:39:15 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/12/13 16:52:50 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/08/31 15:12:08 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/01/06 10:07:27 | 000,050,276 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k11.sys -- (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11)
DRV - [2006/01/06 10:07:27 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2006/01/06 10:07:27 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2006/01/06 10:07:26 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2004/10/07 16:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 20:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/06/12 00:56:44 | 000,098,304 | R--- | M] (ATMEL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vnet558x.sys -- (FVNETusb)
DRV - [2003/05/02 14:19:00 | 001,312,555 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/03/17 19:27:50 | 000,307,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg311nd5.sys -- (NETGEAR_WG311_SERVICE)
DRV - [2002/08/28 20:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2002/04/11 16:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2002/04/08 16:36:18 | 000,305,100 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
DRV - [2002/03/28 02:05:00 | 000,006,016 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2001/08/18 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/18 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 03:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2000/12/03 09:35:58 | 000,022,640 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "
http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CDD6DF24-B2F3-4780-B57C-C984430DAB3D}:1.9.1
FF - prefs.js..extensions.enabledItems: {6BBB6066-4F46-4CCE-9540-25178C5ED123}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems:
jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..keyword.URL: "
http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D}: C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D} [2010/01/22 16:48:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6BBB6066-4F46-4CCE-9540-25178C5ED123}: C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\{6BBB6066-4F46-4CCE-9540-25178C5ED123}\ [2010/01/28 15:20:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 13:57:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/15 13:57:06 | 000,000,000 | ---D | M]
[2008/08/29 11:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Extensions
[2011/01/03 12:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions
[2010/12/15 13:57:33 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/12/16 18:01:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/03 12:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/10 17:36:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/01/28 15:20:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMIN.PRESTIGE-SYS4\LOCAL SETTINGS\APPLICATION DATA\{6BBB6066-4F46-4CCE-9540-25178C5ED123}
[2010/01/22 16:48:14 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMIN.PRESTIGE-SYS4\LOCAL SETTINGS\APPLICATION DATA\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D}
[2010/12/10 17:35:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/10 17:35:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/06/30 21:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
O1 HOSTS File: ([2011/01/13 15:23:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215493224746 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}
http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5183/mcfscan.cab (McFreeScan Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.165.131.12 209.165.131.13
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () -
http://p.webshots.com/img/mdocs/star_12x12.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/18 11:33:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/09/18 13:43:36 | 000,000,243 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000/04/07 09:02:10 | 000,000,378 | ---- | M] () - E:\autoexec.nav -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (
www.helixcommunity.org)
CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
========== Files/Folders - Created Within 30 Days ==========
[2011/01/14 12:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTMlogs
[2011/01/14 12:49:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
[2011/01/13 16:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\CFlogs
[2011/01/13 15:50:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/13 15:50:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Recent
[2011/01/13 15:17:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/13 15:08:55 | 000,000,000 | ---D | C] -- C:\FixCO
[2011/01/13 13:03:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/11 11:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/05 09:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
[2011/01/05 09:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\Anti-Malware
[2010/12/17 21:13:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/17 21:13:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/17 21:13:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/17 21:13:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
========== Files - Modified Within 30 Days ==========
[2011/01/14 12:57:05 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/14 12:56:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/14 12:49:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
[2011/01/13 15:23:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/13 15:10:55 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
[2011/01/13 13:41:25 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\SecurityCheck.exe
[2011/01/13 13:03:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/01/13 12:55:06 | 004,154,145 | R--- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\FixCO.exe
[2011/01/11 16:16:33 | 000,046,797 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\esetonline.JPG
[2011/01/10 19:01:35 | 002,359,350 | ---- | M] () -- C:\WINDOWS\Webshots for Admin.bmp
[2011/01/10 17:47:37 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/01/08 13:53:06 | 000,000,058 | ---- | M] () -- C:\WINDOWS\RegDefrag.ini
[2011/01/05 21:18:54 | 000,000,561 | ---- | M] () -- C:\hpfr5550.xml
[2011/01/05 21:16:56 | 000,000,034 | ---- | M] () -- C:\WINDOWS\hpfsched.ini
[2011/01/05 19:41:54 | 000,005,292 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20110105_194150.reg
[2011/01/05 17:24:53 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/23 16:10:09 | 000,004,844 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101223_161006.reg
[2010/12/21 17:52:50 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 12:28:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/12/17 21:24:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110111-110448.backup
[2010/12/17 16:16:12 | 000,012,788 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101217_161606.reg
========== Files Created - No Company Name ==========
[2011/01/13 15:10:55 | 000,001,224 | ---- | C] () -- C:\CF-Submit.htm
[2011/01/13 13:41:21 | 000,879,028 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\SecurityCheck.exe
[2011/01/13 13:03:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/01/13 13:03:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/13 13:00:46 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/13 12:54:55 | 004,154,145 | R--- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\FixCO.exe
[2011/01/11 12:42:48 | 000,046,797 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\esetonline.JPG
[2011/01/05 21:16:56 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2011/01/05 19:41:52 | 000,005,292 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20110105_194150.reg
[2010/12/23 16:10:08 | 000,004,844 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101223_161006.reg
[2010/12/17 21:13:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/17 21:13:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/17 21:13:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/17 21:13:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/17 16:16:09 | 000,012,788 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101217_161606.reg
[2010/06/24 10:44:22 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/06/24 10:44:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/06/24 10:44:19 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/24 10:44:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/24 10:44:18 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/27 17:24:46 | 000,004,940 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010/01/31 17:07:07 | 000,000,058 | ---- | C] () -- C:\WINDOWS\RegDefrag.ini
[2010/01/20 20:15:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\housecall.guid.cache
[2009/10/08 12:09:06 | 000,000,306 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/07 12:52:43 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/08/04 20:13:44 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2008/07/05 20:07:24 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/02/29 22:21:02 | 000,058,163 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/02/16 16:21:29 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/09 14:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/11 20:24:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2007/09/30 17:14:20 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/05/19 10:12:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2006/04/11 08:19:56 | 000,001,398 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\AdobeDLM.log
[2006/04/11 08:19:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\dm.ini
[2005/09/02 14:57:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Admin.ini
[2005/05/09 08:05:54 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/04/19 10:12:46 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\fusioncache.dat
[2003/03/09 11:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/02/18 16:17:23 | 000,000,186 | ---- | C] () -- C:\WINDOWS\Teneron.ini
[2002/10/10 16:32:20 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2002/10/03 11:40:51 | 000,000,187 | ---- | C] () -- C:\WINDOWS\BW.ini
[2002/09/20 08:45:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/09/18 17:08:07 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2002/09/17 19:20:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2000/10/17 16:43:12 | 000,906,784 | ---- | C] () -- C:\WINDOWS\System32\Owl52f.dll
[2000/09/13 18:15:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll
[1999/01/04 12:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 01:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
========== LOP Check ==========
[2008/09/07 12:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\iolo
[2008/07/06 00:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\TrojanHunter
[2010/09/20 16:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2003/09/22 10:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America Online
[2010/07/14 16:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/12/21 12:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/15 12:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/09/07 12:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/01/24 15:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\supiyiha
[2010/02/01 14:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/02/01 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vegapaye
[2005/08/11 10:51:55 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1115658956.job
[2011/01/13 22:09:44 | 000,032,594 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/10/10 14:02:42 | 000,000,011 | ---- | M] () -- C:\AuResult.ini
[2002/09/18 11:33:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/12/19 12:28:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/01/13 13:03:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/01/13 15:10:55 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2002/09/18 11:33:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/08/31 13:06:34 | 000,000,907 | ---- | M] () -- C:\hpfr3420.xml
[2007/08/31 13:06:34 | 000,394,917 | ---- | M] () -- C:\hpfr3425.log
[2011/01/05 21:18:54 | 000,000,561 | ---- | M] () -- C:\hpfr5550.xml
[2011/01/05 21:18:54 | 000,281,034 | ---- | M] () -- C:\hph7350.log
[2002/09/18 11:33:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/11/07 08:24:01 | 000,241,664 | ---- | M] () -- C:\Daron Drywall, Inc.QBB
[2002/09/18 11:33:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/10/15 08:22:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/11 12:11:30 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2002/11/07 08:22:16 | 001,086,976 | ---- | M] () -- C:\Pacific Rim Interiors, LLC.QBB
[2011/01/14 12:55:50 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2003/04/21 11:54:24 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2003/01/30 15:33:24 | 012,396,032 | ---- | M] () -- C:\Pres.Homes2002.QBB
[2004/03/26 10:32:31 | 000,124,416 | ---- | M] () -- C:\The Terraces Subdivision, LLC 03 26 04.QBB
[2002/11/07 08:29:18 | 000,097,280 | ---- | M] () -- C:\The Terraces Subdivision, LLC.QBB
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2002/09/17 19:18:39 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/09/17 19:18:38 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/09/17 19:18:38 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-12 04:34:03
< End of report >
OTL Extras logfile created on: 1/14/2011 12:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
767.00 Mb Total Physical Memory | 607.00 Mb Available Physical Memory | 79.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 21.72 Gb Free Space | 58.27% Space Free | Partition Type: NTFS
Drive E: | 19.13 Gb Total Space | 16.09 Gb Free Space | 84.11% Space Free | Partition Type: FAT32
Computer Name: ACCOUNTING1 | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled
xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled
xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled
xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled
xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled
xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled
xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled
xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled
xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled
xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled
xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" = C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe:*:Enabled:NetgearAG -- ()
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*
isabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\kav\kav7\setup.exe" = C:\kav\kav7\setup.exe:*
isabled:Kaspersky Anti-Virus 7.0 Setup -- (Kaspersky Lab)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{14374624-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Premier Edition 2005
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9077253B-FBE9-416A-8D7A-9A58C2E83B39}" = NETGEAR Wireless PCI Adapter
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{99A12218-772D-44F6-9483-6CEC92223C1D}" = TurboProject Deluxe v.4
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Ad-aware 5.83" = Ad-aware 5.83
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk Express Viewer" = Autodesk Express Viewer
"CCleaner" = CCleaner
"Duplicate Finder_is1" = Duplicate Finder
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 2.0.2
"hp instant support" = hp instant support
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"hp psc 1200 series_Driver" = hp psc 1200 series
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.0.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NTI CD-Maker 2000 Plus" = NTI CD-Maker 2000 Plus
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Plaxo" = Plaxo
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"UDA Construction Office 2003" = UDA Construction Office 2003
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Webshots Desktop" = Webshots Desktop
"WinASO Registry Optimizer 4.5.3_is1" = WinASO Registry Optimizer 4.5.3
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/15/2010 1:27:17 AM | Computer Name = ACCOUNTING1 | Source = MsiInstaller | ID = 11706
Description = Product: HP Photo and Imaging 2.0 - All-in-One Drivers -- Error 1706.No
valid source could be found for product HP Photo and Imaging 2.0 - All-in-One Drivers.
The Windows Installer cannot continue.
Error - 12/17/2010 5:18:10 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
Description = Faulting application regopt.exe, version 4.5.3.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Error - 12/19/2010 7:20:28 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.
Error - 12/19/2010 7:20:32 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1001
Description = Fault bucket -2081677592.
Error - 12/27/2010 1:31:04 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
module xul.dll, version 1.9.2.3989, fault address 0x0070b15a.
Error - 12/27/2010 1:31:24 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1001
Description = Fault bucket -2077656330.
Error - 1/6/2011 2:17:08 AM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
Description = Faulting application hpfiui.exe, version 4.2.41.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.
Error - 1/6/2011 2:17:14 AM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1001
Description = Fault bucket 1250658336.
Error - 1/13/2011 6:06:18 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x0008d560.
Error - 1/13/2011 6:09:56 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x0008d560.
[ System Events ]
Error - 1/14/2011 5:31:54 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 1/14/2011 5:36:22 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 1/14/2011 5:36:52 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 1/14/2011 5:36:54 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 1/14/2011 5:37:02 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 1/14/2011 5:44:51 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 1/14/2011 5:49:39 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 1/14/2011 5:54:02 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 1/14/2011 5:57:17 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 1/14/2011 5:57:43 PM | Computer Name = ACCOUNTING1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
a2injectiondriver cmdGuard Fips intelppm
< End of report >