
Inactive IE 8 crashes, and will not allow Windows update to install

Discussion in 'Malware and Virus Removal Archive' started by Paulie634, 2012/12/18.

    Post by Paulie634 (Thread Starter), 2012/12/19

    OTL.txt

    OTL logfile created on: 12/19/2012 2:57:20 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Paul\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.86% Memory free
    4.77 Gb Paging File | 4.37 Gb Available in Paging File | 91.59% Paging File free
    Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 228.69 Gb Total Space | 187.01 Gb Free Space | 81.77% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 412.89 Gb Free Space | 88.65% Space Free | Partition Type: NTFS
    Drive H: | 4.19 Gb Total Space | 1.23 Gb Free Space | 29.29% Space Free | Partition Type: FAT32

    Computer Name: PCDS-BUSINESS | User Name: Paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/19 14:52:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    PRC - [2012/11/28 10:33:11 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/06/01 11:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    PRC - [2011/06/01 11:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    PRC - [2011/06/01 11:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    PRC - [2010/10/01 10:54:56 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2010/04/22 19:49:38 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/04/09 16:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
    PRC - [2003/04/09 16:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    PRC - [2003/04/09 16:41:38 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    PRC - [2003/03/09 20:31:02 | 000,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/12/19 02:57:08 | 002,040,832 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12121900\algo.dll
    MOD - [2012/12/18 14:35:58 | 002,040,832 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12121801\algo.dll
    MOD - [2012/11/14 06:16:07 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
    MOD - [2012/11/14 06:15:52 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
    MOD - [2012/11/14 06:15:41 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\d8ca3b9fefcda19eeecd55c239f504ba\System.Management.ni.dll
    MOD - [2012/11/14 06:11:43 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
    MOD - [2012/11/14 06:10:08 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\b5af2249e2d550f2752176a75c7a7656\Accessibility.ni.dll
    MOD - [2012/11/14 06:08:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
    MOD - [2012/11/14 06:08:18 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
    MOD - [2012/11/14 06:07:43 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
    MOD - [2012/11/14 06:04:37 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
    MOD - [2012/11/14 06:04:20 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
    MOD - [2012/11/14 06:03:12 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/06/01 11:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
    MOD - [2011/06/01 11:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
    MOD - [2011/06/01 11:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
    MOD - [2011/06/01 11:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
    MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2010/03/29 15:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
    MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2003/03/09 20:31:04 | 000,561,152 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll


    ========== Services (SafeList) ==========

    SRV - [2012/12/01 16:15:10 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/11/28 10:33:11 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/06/01 11:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
    SRV - [2010/04/22 19:49:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
    SRV - [2008/01/05 20:34:12 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2003/03/09 20:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
    DRV - File not found [File_System | Disabled | Stopped] -- system32\DRIVERS\Lbd.sys -- (ldb)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvcflt.sys -- (FilterService)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Paul\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwmodem.sys -- (btwmodem)
    DRV - [2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 17:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2012/10/30 17:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/10/30 17:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/03/02 10:36:17 | 000,040,960 | ---- | M] (--) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MOSUMAC.SYS -- (MOSUMAC)
    DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010/10/08 15:57:54 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV - [2010/09/19 13:21:06 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2010/09/19 13:21:06 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2010/09/19 13:21:06 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2010/09/19 13:21:06 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2010/09/19 13:21:05 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2010/09/19 13:21:05 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV - [2010/08/08 23:16:14 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2010/08/08 23:15:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
    DRV - [2008/01/05 20:26:34 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2006/10/18 02:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2006/10/18 02:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2004/11/15 20:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
    DRV - [2004/10/27 18:24:00 | 002,297,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2004/08/12 20:45:52 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2004/06/17 14:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2004/06/17 14:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/06/17 14:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
    DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)
    DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2367648578-2664592681-1860400956-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wral.com
    IE - HKU\S-1-5-21-2367648578-2664592681-1860400956-1009\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2367648578-2664592681-1860400956-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2367648578-2664592681-1860400956-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2367648578-2664592681-1860400956-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1474
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/02 16:30:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/01 16:15:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/01 16:15:01 | 000,000,000 | ---D | M]

    [2011/08/15 17:22:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
    [2011/11/28 17:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\0gasbm2g.default\extensions
    [2011/08/18 05:57:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\0gasbm2g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/12/01 16:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/12/01 16:15:11 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/11/20 01:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/11/20 01:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: avast! WebRep = C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

    O1 HOSTS File: ([2012/12/18 23:21:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKU\S-1-5-21-2367648578-2664592681-1860400956-1009\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
    O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2367648578-2664592681-1860400956-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2367648578-2664592681-1860400956-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2367648578-2664592681-1860400956-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2367648578-2664592681-1860400956-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-2367648578-2664592681-1860400956-1009\..Trusted Domains: durhamtech.edu ([blackboard] http in Trusted sites)
    O15 - HKU\S-1-5-21-2367648578-2664592681-1860400956-1009\..Trusted Domains: localhost ([]http in Local intranet)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1343150019000 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199920907406 (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{269D9EAF-165C-460C-8356-905B77320BD0}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/04/13 12:20:25 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/19 14:52:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    [2012/12/18 21:33:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/12/18 21:32:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/12/18 21:32:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/12/18 21:32:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/12/18 21:32:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/12/18 21:32:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/12/18 21:31:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/12/18 21:29:06 | 005,012,571 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe
    [2012/12/18 20:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\RK_Quarantine
    [2012/12/18 18:31:51 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul\Desktop\dds.com
    [2012/12/18 18:28:32 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Paul\Desktop\aswMBR.exe
    [2012/12/17 11:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/12/03 21:08:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul\Recent
    [2012/12/01 16:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/11/29 18:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2012/11/29 18:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/11/29 18:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/11/29 18:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2012/11/29 18:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2012/11/29 18:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/11/20 15:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/11/20 15:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
    [2012/11/20 12:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2012/11/20 12:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    [2012/11/20 12:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/19 14:52:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    [2012/12/19 14:47:16 | 000,043,632 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\WinPatrol File Type Change Alert.JPG
    [2012/12/19 14:35:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2367648578-2664592681-1860400956-1009UA.job
    [2012/12/19 10:32:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2012/12/19 06:16:00 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/12/19 01:35:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2367648578-2664592681-1860400956-1009Core.job
    [2012/12/19 00:08:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/12/18 23:21:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/12/18 21:33:40 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2012/12/18 21:29:12 | 005,012,571 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe
    [2012/12/18 21:21:37 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
    [2012/12/18 21:20:22 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Microsoft Office Word 2003.lnk
    [2012/12/18 20:53:56 | 000,756,224 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\RogueKiller.exe
    [2012/12/18 20:42:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\MBR.dat
    [2012/12/18 18:31:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul\Desktop\dds.com
    [2012/12/18 18:29:11 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Paul\Desktop\aswMBR.exe
    [2012/12/17 22:16:45 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/12/16 13:04:43 | 000,200,513 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\PC Pitstop speed test.JPG
    [2012/12/13 00:38:59 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Google Chrome.lnk
    [2012/12/13 00:38:59 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/12/12 06:23:46 | 000,440,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/12/12 06:06:53 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/12/05 13:48:22 | 000,477,474 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/12/05 13:48:22 | 000,085,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/12/03 17:55:52 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2012/11/30 18:16:42 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/11/29 18:52:15 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/11/20 15:04:08 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/11/20 15:04:08 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/19 14:47:16 | 000,043,632 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\WinPatrol File Type Change Alert.JPG
    [2012/12/18 21:33:40 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2012/12/18 21:33:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/12/18 21:32:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/12/18 21:32:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/12/18 21:32:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/12/18 21:32:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/12/18 21:32:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/12/18 20:53:55 | 000,756,224 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\RogueKiller.exe
    [2012/12/18 20:42:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\MBR.dat
    [2012/12/16 13:04:41 | 000,200,513 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\PC Pitstop speed test.JPG
    [2012/12/12 06:04:44 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2012/12/03 15:06:59 | 000,001,566 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Microsoft Update.lnk
    [2012/11/29 18:52:15 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/11/20 15:04:08 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/11/20 15:04:08 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/10/29 16:08:49 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
    [2012/10/29 16:08:49 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
    [2012/10/02 16:50:13 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Customize.ini
    [2012/10/02 16:50:13 | 000,000,082 | ---- | C] () -- C:\WINDOWS\EpromData.ini
    [2012/07/24 12:05:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/17 12:39:53 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Paul\USB001
    [2012/02/17 12:34:27 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Paul\usb1
    [2011/08/16 15:26:00 | 000,038,479 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Comma Separated Values (Windows).ADR
    [2011/05/27 09:37:28 | 000,005,139 | ---- | C] () -- C:\Documents and Settings\Paul\Outlook Express Address Book.csv
    [2010/09/20 18:15:52 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\fusioncache.dat
    [2010/09/18 09:01:26 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2005/04/13 12:15:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    " " = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2008/01/05 20:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2012/11/29 18:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2011/05/23 09:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2009/01/27 23:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
    [2011/03/08 20:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/03/20 10:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/10/14 10:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/10/14 10:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2010/02/26 08:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2011/05/28 17:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
    [2011/05/23 11:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/07/12 23:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2008/01/10 16:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrintShopWebDesigner
    [2010/03/31 22:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/15 11:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2008/01/05 20:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
    [2011/06/03 14:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Memeo
    [2008/01/05 20:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
    [2011/06/03 14:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Seagate
    [2011/05/26 08:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\WinPatrol
    [2011/05/27 16:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Seagate
    [2008/01/05 20:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LogMeInRemoteUser\Application Data\SampleView
    [2011/03/20 10:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\AVG10
    [2012/10/09 10:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\ElevatedDiagnostics
    [2010/10/28 00:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\FreshDiagnose
    [2010/10/07 10:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\GARMIN
    [2010/10/10 20:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\InfraRecorder
    [2011/05/27 16:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Leadertech
    [2011/05/28 17:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Memeo
    [2010/11/17 16:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\OpenOffice.org
    [2008/01/05 20:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\SampleView
    [2011/05/27 16:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Seagate
    [2011/05/28 17:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Systweak
    [2010/10/04 16:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\WinPatrol

    ========== Purity Check ==========



    < End of report >
     
  2. 2012/12/19
    Paulie634

    Paulie634 Inactive Thread Starter

    Joined:
    2012/12/17
    Messages:
    56
    Likes Received:
    0
    Extras.txt will not post?

    Broni:

    I tried to post the "Extras.txt" file, but it would not allow me to post the file and gave me the following error message:


    The following errors occurred with your submission:

    You have included 10 images in your message. You are limited to using 8 images so please go back and correct the problem and then continue again.

    Images include use of smilies, the BB code tag and HTML <img> tags. The use of these is all subject to them being enabled by the administrator.

    I did not include any images at all: just the text from the Extras.txt file. Is there a workaround?
     


  4. 2012/12/19
    Paulie634

    Paulie634 Inactive Thread Starter

    Joined:
    2012/12/17
    Messages:
    56
    Likes Received:
    0
    Also:

    You may already know that I have the free version of WinPatrol (by Bill P. Studios) on this machine. I keep getting a pop-up box alerting me to a registry change that something is trying to enact: (Note: I "X'd out" of the popup alert box without accepting or denying the change, so I don't know if this file association change has already taken effect.)

    "WinPatrol File type change alert "

    Scotty the Windows Watchdog is on patrol and has detected a change to one of your file type associations' .URL

    The program currently associated with this file type is:

    Run DLL as an App
    Microsoft Corporation
    C:\Windows\System 32\rundll32.exe c:\Windows\system32\ieframe.dll,OpenURL %|

    A change was made to use the following program for this file type.
    Run a DLL as an APP
    Microsoft Corporation
    rundll32.exe ieframe.exe,OpenURL %|


    --------------------------------------------------------

    (I tried to include a screenshot but was not able to.)

    Thoughts?
     
    Last edited: 2012/12/19
  5. 2012/12/19
    Paulie634

    Paulie634 Inactive Thread Starter

    Joined:
    2012/12/17
    Messages:
    56
    Likes Received:
    0
    I tried to post the Extras.txt. file again, but got the same error message. :-(
     
  6. 2012/12/19
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    On the "Post Reply" page, check the box Disable smilies in text
     
  7. 2012/12/19
    Paulie634

    Paulie634 Inactive Thread Starter

    Joined:
    2012/12/17
    Messages:
    56
    Likes Received:
    0
    Thanks for the response. Will do.
     
  8. 2012/12/19
    Paulie634

    Paulie634 Inactive Thread Starter

    Joined:
    2012/12/17
    Messages:
    56
    Likes Received:
    0
    I tried, but...

    I tried, and made sure that the "disable smilies in text " checkbox was unchecked, but still got the same error message?
     
  9. 2012/12/19
    Paulie634

    Paulie634 Inactive Thread Starter

    Joined:
    2012/12/17
    Messages:
    56
    Likes Received:
    0
    Ooops. Failed to READ your instructions correctly. Here is Extras.Txt

    OTL Extras logfile created on: 12/19/2012 2:57:21 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Paul\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.86% Memory free
    4.77 Gb Paging File | 4.37 Gb Available in Paging File | 91.59% Paging File free
    Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 228.69 Gb Total Space | 187.01 Gb Free Space | 81.77% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 412.89 Gb Free Space | 88.65% Space Free | Partition Type: NTFS
    Drive H: | 4.19 Gb Total Space | 1.23 Gb Free Space | 29.29% Space Free | Partition Type: FAT32

    Computer Name: PCDS-BUSINESS | User Name: Paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2367648578-2664592681-1860400956-1009\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    htafile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "57973:TCP" = 57973:TCP:*:Disabled:pando P2P TCP Listening Port
    "57973:UDP" = 57973:UDP:*:Disabled:pando P2P UDP Listening Port
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech Inc.)
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Disabled:Logitech Harmony Remote Software 7 -- ()
    "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Disabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
    "C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe" = C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe:LocalSubNet:Disabled:Internet Hearts -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe" = C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe:*:Disabled:SeagateHipServAgent -- (Axentra Corporation)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Disabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
    "{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
    "{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
    "{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
    "{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 10
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
    "{347DA8D7-B858-421e-A154-5F438A36F1A4}" = Memeo Backup Premium
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
    "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack
    "{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
    "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
    "{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{80A2A967-C1B7-412D-B2B2-C4A33209C205}" = Garmin POI Loader
    "{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
    "{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}" = hp psc 2200 series
    "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
    "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
    "{BE7E6C3D-A42B-4BA3-9767-124EB8ED27E3}" = LightScribe System Software
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
    "{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
    "{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
    "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
    "{F0DB63F5-0936-41D2-B400-89707218FAAC}" = Memeo LifeAgent Explorer Extension
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "avast" = avast! Free Antivirus
    "Belarc Advisor" = Belarc Advisor 8.1
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EasyGPS_is1" = EasyGPS 2.9.6
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "hp instant support" = hp instant support
    "HP OfficeJet-PSC Scrubber" = HP OfficeJet/PSC Scrubber
    "HP PSC 2200 Series" = HP Photo and Imaging 2.0 - hp psc 2200 series
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ieSpell" = ieSpell
    "InfraRecorder" = InfraRecorder
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
    "InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
    "InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2005b" = Microsoft Money 2005
    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PictureItPrem_v10" = Microsoft Picture It! Premium 10
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "RealPlayer 6.0" = RealPlayer Basic
    "Recover My Files_is1" = Recover My Files
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "USB-Ethernet Adapter Device" = USB-Ethernet Adapter Device
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPatrol" = WinPatrol
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEP" = XPS Essentials Pack 1.0
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2367648578-2664592681-1860400956-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/5/2012 7:49:44 PM | Computer Name = PCDS-BUSINESS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/5/2012 7:49:51 PM | Computer Name = PCDS-BUSINESS | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 12/9/2012 9:02:19 PM | Computer Name = PCDS-BUSINESS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/9/2012 9:03:16 PM | Computer Name = PCDS-BUSINESS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/11/2012 6:32:55 PM | Computer Name = PCDS-BUSINESS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/12/2012 10:19:57 AM | Computer Name = PCDS-BUSINESS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/12/2012 10:20:59 AM | Computer Name = PCDS-BUSINESS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/12/2012 10:22:11 AM | Computer Name = PCDS-BUSINESS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/17/2012 12:30:00 AM | Computer Name = PCDS-BUSINESS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/17/2012 1:14:02 PM | Computer Name = PCDS-BUSINESS | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    [ System Events ]
    Error - 12/6/2012 6:32:33 PM | Computer Name = PCDS-BUSINESS | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 12/16/2012 11:57:51 AM | Computer Name = PCDS-BUSINESS | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.3 on
    the Network Card with network address 00133B111DEF.

    Error - 12/16/2012 11:59:43 AM | Computer Name = PCDS-BUSINESS | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.0.3 on
    the Network Card with network address 00133B111DEF.

    Error - 12/17/2012 6:51:34 PM | Computer Name = PCDS-BUSINESS | Source = NetBT | ID = 4319
    Description = A duplicate name has been detected on the TCP network. The IP address
    of the machine that sent the message is in the data. Use nbtstat -n in a command
    window to see which name is in the Conflict state.

    Error - 12/17/2012 6:51:34 PM | Computer Name = PCDS-BUSINESS | Source = NetBT | ID = 4319
    Description = A duplicate name has been detected on the TCP network. The IP address
    of the machine that sent the message is in the data. Use nbtstat -n in a command
    window to see which name is in the Conflict state.

    Error - 12/17/2012 6:51:34 PM | Computer Name = PCDS-BUSINESS | Source = NetBT | ID = 4319
    Description = A duplicate name has been detected on the TCP network. The IP address
    of the machine that sent the message is in the data. Use nbtstat -n in a command
    window to see which name is in the Conflict state.

    Error - 12/17/2012 6:51:34 PM | Computer Name = PCDS-BUSINESS | Source = NetBT | ID = 4319
    Description = A duplicate name has been detected on the TCP network. The IP address
    of the machine that sent the message is in the data. Use nbtstat -n in a command
    window to see which name is in the Conflict state.

    Error - 12/17/2012 6:51:34 PM | Computer Name = PCDS-BUSINESS | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{269D9EAF-165C-460C-83.
    The master browser is stopping or an election is being forced.

    Error - 12/19/2012 12:05:32 AM | Computer Name = PCDS-BUSINESS | Source = System Error | ID = 1003
    Description = Error code 000000ca, parameter1 00000004, parameter2 87ca8f10, parameter3
    00000000, parameter4 00000000.

    Error - 12/19/2012 1:06:18 AM | Computer Name = PCDS-BUSINESS | Source = Service Control Manager | ID = 7034
    Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >
     
  10. 2012/12/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
      O15 - HKU\S-1-5-21-2367648578-2664592681-1860400956-1009\..Trusted Domains: durhamtech.edu ([blackboard] http in Trusted sites)
      O15 - HKU\S-1-5-21-2367648578-2664592681-1860400956-1009\..Trusted Domains: localhost ([]http in Local intranet)
      O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
      O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...Detection2.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.


    ===============================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset doesn't find any threats, it won't produce any log.
     
  11. 2012/12/19
    Paulie634

    Paulie634 Inactive Thread Starter

    Joined:
    2012/12/17
    Messages:
    56
    Likes Received:
    0
    Is it safe to assume that I leave off the "code" at the very beginning of the file?
     
  12. 2012/12/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, you just copy what's inside the box.
     
  13. 2012/12/19
    Paulie634

    Paulie634 Inactive Thread Starter

    Joined:
    2012/12/17
    Messages:
    56
    Likes Received:
    0
    OTL log

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry key HKEY_USERS\S-1-5-21-2367648578-2664592681-1860400956-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\durhamtech.edu\blackboard\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2367648578-2664592681-1860400956-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
    C:\WINDOWS\Downloaded Program Files\setup.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 294871 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 294871 bytes
    ->Flash cache emptied: 768 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 405 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: Owner
    ->Temp folder emptied: 889164 bytes

    User: Paul
    ->Temp folder emptied: 1977 bytes
    ->Temporary Internet Files folder emptied: 7663434 bytes
    ->Java cache emptied: 1225773 bytes
    ->FireFox cache emptied: 252991057 bytes
    ->Google Chrome cache emptied: 127620596 bytes
    ->Flash cache emptied: 2731 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 68489491 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35368 bytes
    RecycleBin emptied: 43632 bytes

    Total Files Cleaned = 438.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: Guest

    User: LocalService

    User: LogMeInRemoteUser

    User: NetworkService

    User: Owner

    User: Paul
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: LogMeInRemoteUser

    User: NetworkService

    User: Owner

    User: Paul
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12192012_194850

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  14. 2012/12/19
    Paulie634

    Paulie634 Inactive Thread Starter

    Joined:
    2012/12/17
    Messages:
    56
    Likes Received:
    0
    Log from SecurityCheck.exe

    Results of screen317's Security Check version 0.99.56
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    WinPatrol
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.1.1000
    CCleaner
    Java 7 Update 10
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 10.3.183.5 Flash Player out of Date!
    Adobe Reader 10.1.4 Adobe Reader out of Date!
    Mozilla Firefox (17.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    WinPatrol winpatrol.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    BillP Studios WinPatrol winpatrol.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 4%
    ````````````````````End of Log``````````````````````
     
  15. 2012/12/19
    Paulie634

    Paulie634 Inactive Thread Starter

    Joined:
    2012/12/17
    Messages:
    56
    Likes Received:
    0
    FSS Log

    Farbar Service Scanner Version: 10-12-2012
    Ran by Paul (administrator) on 19-12-2012 at 20:11:08
    Running from "C:\Documents and Settings\Paul\Desktop "
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    aswTdi(14) Avgtdix(13) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) VBoxNetFlt(11)
    0x0E000000040000000100000002000000030000000E000000090000000D000000050000000600000007000000080000000A0000000B0000000C000000
    IpSec Tag value is correct.

    **** End of log ****
     
  16. 2012/12/19
    Paulie634

    Paulie634 Inactive Thread Starter

    Joined:
    2012/12/17
    Messages:
    56
    Likes Received:
    0
    Problem using IE 8 to run ESET Online scanner

    Broni:

    I've been using Firefox to download, run and post at the Windows BBS Forum, but when I tried to click on the ESET online scanner link, it informed me that I needed to use IE.

    When I tried to run IE and go to the ESET site, I keep getting the same error messages that I mentioned in my first post.

    When I click in the popup box (that has the EULA) and accept the terms of service, I get the error message "This tab has been recovered. A problem with the webpage has caused Internet Explorer to close and reopen the tab."

    When I tried to do it again, a box pops-up briefly (too fast to read) that says something to the effect that "Click here to install the Active X control OnlineScanner.cab ...." but it disappears so fast I can't even click on it?
     
    Last edited: 2012/12/19
  17. 2012/12/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You can run Eset scan from Firefox. It'll just ask you to download small file first.

    As for IE..

    Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
    Make sure you follow ALL steps listed there.
    See if IE will work better.
     
  18. 2012/12/19
    Paulie634

    Paulie634 Inactive Thread Starter

    Joined:
    2012/12/17
    Messages:
    56
    Likes Received:
    0
    ESET is scanning now...

    Upon closer examination, I did see the download link to download the ESET installation tool (using FireFox), and it is running now.

    I should wait until after that is done before I try the Microsoft "FixIt" process, correct?

    Thanks - Paul
     
  19. 2012/12/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes...
     
  20. 2012/12/19
    Paulie634

    Paulie634 Inactive Thread Starter

    Joined:
    2012/12/17
    Messages:
    56
    Likes Received:
    0
    Avast! Antivirus

    Broni:

    I'd disabled the Avast! antivirus shield for one hour, and it appears to have turned itself back on. I have turned it back off.

    Does Avast need to remain off during the ESET scan, and if so, does this mean I need to re-run the ESET online scanner?

    Sorry for the inconvenience... Paul
     
  21. 2012/12/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's not "a must". Eset just may scan a bit slower.
     
