OTL logfile created on: 1/10/2010 1:49:39 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\John Corrigan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 297.57 Gb Free Space | 63.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JOHN-2E3AF4EA16
Current User Name: John Corrigan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ========== PRC - [2010/10/01 13:39:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Corrigan\Desktop\OTL.exe
PRC - [2010/07/19 17:26:02 | 000,198,608 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/06/10 16:23:14 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2009/07/20 11:03:24 | 002,836,376 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 11:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007/03/23 13:20:52 | 000,227,328 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007/03/12 14:51:26 | 000,663,552 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2007/03/06 19:20:00 | 000,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/03/02 16:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/01/29 21:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/01/07 14:35:33 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
PRC - [2004/11/26 22:42:32 | 001,349,120 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004/11/26 22:42:10 | 000,812,032 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
========== Modules (SafeList) ========== MOD - [2010/10/01 13:39:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Corrigan\Desktop\OTL.exe
MOD - [2010/02/02 09:13:54 | 000,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2008/04/14 10:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\JOHNCO~1\LOCALS~1\Temp\fFollower.exe -- (Follower)
SRV - [2010/07/19 17:26:02 | 000,198,608 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2008/03/19 11:30:46 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004/11/26 22:42:10 | 000,812,032 | ---- | M] (Ahead Software AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2004/11/26 22:42:10 | 000,812,032 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\ZoneLabs\avsys\KLIF.SYS -- (TSP)
DRV - [2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 09:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 09:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 09:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/02/21 11:37:17 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/02/16 19:45:36 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/04/14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 02:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/18 14:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/02/14 19:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/02/11 14:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/01/04 00:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/07/23 13:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/07/05 13:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2007/07/05 13:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/02/22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2004/11/26 22:36:02 | 000,027,648 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/11/26 12:36:24 | 000,098,176 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/11/26 12:36:06 | 000,028,928 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/10/15 11:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "
www.google.com"FF - prefs.js..extensions.enabledItems:
mozilla_cc@internetdownloadmanager.com:6.1
FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\FireFox\ [2010/07/21 22:12:32 | 000,000,000 | ---D | M]
[2010/07/29 20:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Corrigan\Application Data\Mozilla\Extensions
[2010/07/29 20:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Corrigan\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/03/31 18:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Corrigan\Application Data\Mozilla\Firefox\Profiles\n54niuoc.default\extensions
O1 HOSTS File: ([2004/08/04 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (FreshDownload Bar) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ddaawtaudio] C:\WINDOWS\System32\rqpmkh.dll (Symantec Corporation)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe (HP)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [mlifcysys] C:\WINDOWS\System32\awwvtu.dll (Symantec Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [ljkjjhaudio] C:\WINDOWS\System32\rqpmkh.dll (Symantec Corporation)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\Run: [ssqnnlsys] C:\WINDOWS\System32\awwvtu.dll (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: FreshDownload - {F4B9D88E-7786-4824-8C0E-EADA01DF3378} - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A}
http://au.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab (DjVuCtl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282189974765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239106224111&h=b2b477069549a3619f372cf25071d232/&filename=jinstall-6u13-windows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (awwvtu.dll) - C:\WINDOWS\System32\awwvtu.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/16 14:42:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f0b6544e-2238-11de-9261-001fd018ea93}\Shell - "" = Autorun
O33 - MountPoints2\{f0b6544e-2238-11de-9261-001fd018ea93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f0b6544e-2238-11de-9261-001fd018ea93}\Shell\Open\command - "" = K:\RECYCLER\S-0-0-52-100028031-100004524-100026757-7862.com -- File not found
O33 - MountPoints2\{f1c3e33a-fbf6-11dd-b823-abe6183e678e}\Shell - "" = AutoRun
O33 - MountPoints2\{f1c3e33a-fbf6-11dd-b823-abe6183e678e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f1c3e33a-fbf6-11dd-b823-abe6183e678e}\Shell\AutoRun\command - "" = F:\EasySuite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2010/10/01 13:39:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Corrigan\Desktop\OTL.exe
[2010/09/30 20:52:13 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2010/09/30 20:52:12 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2010/09/30 20:52:12 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2010/09/30 20:52:12 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2010/09/30 20:52:12 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2010/09/30 20:52:11 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2010/09/30 20:52:11 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2010/09/30 20:52:11 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2010/09/30 20:52:11 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2010/09/30 20:52:11 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2010/09/30 20:52:11 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2010/09/30 20:52:11 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2010/09/30 20:52:10 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2010/09/30 20:52:10 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2010/09/30 20:52:10 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2010/09/30 20:52:10 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2010/09/30 20:52:10 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2010/09/30 20:52:10 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2010/09/30 20:52:10 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2010/09/30 20:52:09 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2010/09/30 20:52:09 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2010/09/30 20:52:08 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2010/09/30 20:52:08 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2010/09/30 20:52:08 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2010/09/30 20:52:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2010/09/30 20:52:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2010/09/30 20:51:53 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2010/09/30 20:51:53 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2010/09/30 20:51:52 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2010/09/30 20:51:52 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2010/09/30 20:51:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2010/09/30 20:51:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2010/09/30 20:51:52 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2010/09/30 20:51:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2010/09/30 20:51:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2010/09/30 20:51:52 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2010/09/30 20:51:51 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2010/09/30 20:51:51 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2010/09/30 20:51:38 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2010/09/30 20:51:38 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2010/09/30 20:51:34 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2010/09/30 20:51:34 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2010/09/30 20:51:33 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2010/09/30 20:51:33 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2010/09/30 20:51:31 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2010/09/30 20:51:31 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2010/09/30 20:51:31 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2010/09/30 20:51:31 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2010/09/30 20:51:30 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2010/09/30 20:51:30 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2010/09/30 20:51:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2010/09/30 20:51:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2010/09/30 18:53:04 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\John Corrigan\Desktop\mbam-setup-1.46.exe
[2010/09/30 16:39:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/09/29 18:34:21 | 000,101,376 | -H-- | C] (Symantec Corporation) -- C:\WINDOWS\System32\rqpmkh.dll
[2010/09/29 17:48:34 | 000,094,208 | -H-- | C] (Symantec Corporation) -- C:\WINDOWS\System32\awwvtu.dll
[2010/09/17 22:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Corrigan\Application Data\Eltima Software
========== Files - Modified Within 30 Days ========== [2010/10/01 13:45:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/01 13:45:07 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/10/01 13:44:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/01 13:44:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/01 13:40:59 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\John Corrigan\NTUSER.DAT
[2010/10/01 13:40:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\John Corrigan\ntuser.ini
[2010/10/01 13:39:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Corrigan\Desktop\OTL.exe
[2010/10/01 11:33:04 | 015,601,664 | ---- | M] () -- C:\Documents and Settings\John Corrigan\My Documents\db5.mdb
[2010/09/30 20:52:27 | 000,512,476 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/30 20:52:27 | 000,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/30 20:52:27 | 000,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/30 20:52:15 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\John Corrigan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/09/30 18:54:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/30 18:53:04 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\John Corrigan\Desktop\mbam-setup-1.46.exe
[2010/09/30 15:30:16 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/30 12:05:41 | 001,675,264 | ---- | M] () -- C:\Documents and Settings\John Corrigan\My Documents\CamdenHavenRFB.mdb
[2010/09/30 12:03:25 | 000,000,425 | ---- | M] () -- C:\WINDOWS\adbk32.ini
[2010/09/29 18:34:21 | 000,101,376 | -H-- | M] (Symantec Corporation) -- C:\WINDOWS\System32\rqpmkh.dll
[2010/09/29 17:48:34 | 000,094,208 | -H-- | M] (Symantec Corporation) -- C:\WINDOWS\System32\awwvtu.dll
[2010/09/29 17:46:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/29 17:46:55 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/29 17:17:24 | 000,218,112 | ---- | M] () -- C:\Documents and Settings\John Corrigan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/21 19:59:35 | 001,306,624 | ---- | M] () -- C:\Documents and Settings\John Corrigan\Desktop\Postcode.mde
[2010/09/20 09:25:44 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\John Corrigan\default.pls
[2010/09/17 22:05:58 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2010/09/17 22:05:56 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/09/16 03:04:33 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/09 14:44:13 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/06 11:41:00 | 000,929,792 | ---- | M] () -- C:\Documents and Settings\John Corrigan\My Documents\db8.mdb
[2010/09/06 11:40:36 | 000,245,760 | ---- | M] () -- C:\Documents and Settings\John Corrigan\My Documents\Appointments.mdb
[2010/09/05 21:07:59 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\John Corrigan\My Documents\RFD Lesson Notes.doc
========== Files Created - No Company Name ========== [2010/09/30 20:52:15 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\John Corrigan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/09/30 20:51:42 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/09/30 20:51:42 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/09/30 20:51:42 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/09/30 20:51:41 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/09/30 20:51:41 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/09/30 20:51:41 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/09/30 20:51:41 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/09/30 20:51:41 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/09/30 20:51:41 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/09/30 20:51:40 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/09/30 20:51:40 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/09/30 20:51:40 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/09/30 20:51:40 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/09/30 20:51:39 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/09/30 20:51:39 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/09/30 20:51:39 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/09/30 20:51:39 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/09/30 20:51:35 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/09/30 20:51:34 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/09/30 18:54:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/05 21:07:59 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\John Corrigan\My Documents\RFD Lesson Notes.doc
[2010/06/10 16:06:31 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/10 16:06:31 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/20 14:57:00 | 000,000,435 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/01/05 16:07:25 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/05 16:07:25 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/13 21:44:19 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/07/28 10:44:15 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/07/28 10:42:38 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/16 03:01:51 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/06 15:23:11 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/03/26 17:37:29 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/03/21 10:29:48 | 000,000,080 | ---- | C] () -- C:\WINDOWS\scan2email.ini
[2009/03/21 10:20:04 | 000,000,534 | ---- | C] () -- C:\WINDOWS\scan2email_p.ini
[2009/03/12 17:36:28 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/03 17:15:13 | 000,000,425 | ---- | C] () -- C:\WINDOWS\adbk32.ini
[2009/02/21 11:37:17 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/02/17 20:51:18 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/02/17 20:51:18 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/02/17 20:49:42 | 000,000,798 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/02/17 20:49:42 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/02/16 21:06:34 | 000,218,112 | ---- | C] () -- C:\Documents and Settings\John Corrigan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/16 16:04:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Alternate Data Streams ========== @Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CFE8F97
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44807EFA
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >
OTL Extras logfile created on: 1/10/2010 1:49:39 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\John Corrigan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 297.57 Gb Free Space | 63.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JOHN-2E3AF4EA16
Current User Name: John Corrigan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"enablefirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"enablefirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"enablefirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{15B3667C-3468-4B03-8CC1-0EE41AD589F3}" = PSPrinters06
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1E2B6A53-C6B4-4ABC-AAD9-53E9B1740D56}" = ProFusion PSG 2
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A669D55-F127-46DF-9FBE-8D27CD7E4A53}" = PS320
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Test Installer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BA2D9411-DBB4-43e4-9421-780413650A67}" = Photosmart 320,370,7400,8100,8400,8700 Series
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adr_Book_is1" = Adr_Book 5.8f
"Belarc Advisor" = Belarc Advisor 7.2
"Browser Defender_is1" = Browser Defender 3.0.0.11
"Collectorz.com Book Collector" = Collectorz.com Book Collector
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSIRO Fire Danger Calculator" = CSIRO Fire Danger Calculator
"DBXTriever_is1" = DBXTriever 3.15
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1E2B6A53-C6B4-4ABC-AAD9-53E9B1740D56}" = ProFusion PSG 2
"Kiran's Typing Tutor_is1" = Kiran's Typing Tutor 1.0
"Legacy 6.0" = Legacy 6.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"ProFusion Sleep Software_is1" = ProFusion Sleep Software 3.1 Build 248
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Scan2Email" = Scan2Email
"Spyware Doctor" = Spyware Doctor 7.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1e4909e688cda12b" = Windows Speech Recognition Toolkit
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29/09/2010 3:48:47 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =
Error - 29/09/2010 4:00:54 AM | Computer Name = JOHN-2E3AF4EA16 | Source = Application Hang | ID = 1002
Description = Hanging application fFollower.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 30/09/2010 1:34:07 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =
Error - 30/09/2010 1:34:12 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =
Error - 30/09/2010 1:34:12 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =
Error - 30/09/2010 1:34:14 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =
Error - 30/09/2010 1:34:14 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =
Error - 30/09/2010 1:34:14 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =
Error - 30/09/2010 1:34:16 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =
Error - 30/09/2010 1:34:16 AM | Computer Name = JOHN-2E3AF4EA16 | Source = fFollower.exe | ID = 0
Description =
[ System Events ]
Error - 29/09/2010 9:39:08 PM | Computer Name = JOHN-2E3AF4EA16 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001FD018EA93 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).
Error - 29/09/2010 10:09:11 PM | Computer Name = JOHN-2E3AF4EA16 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001FD018EA93 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).
Error - 29/09/2010 10:39:15 PM | Computer Name = JOHN-2E3AF4EA16 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001FD018EA93 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).
Error - 30/09/2010 1:34:18 AM | Computer Name = JOHN-2E3AF4EA16 | Source = Service Control Manager | ID = 7034
Description = The Follower service terminated unexpectedly. It has done this 1
time(s).
Error - 30/09/2010 2:20:39 AM | Computer Name = JOHN-2E3AF4EA16 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001FD018EA93 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).
Error - 30/09/2010 4:20:44 AM | Computer Name = JOHN-2E3AF4EA16 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001FD018EA93 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).
Error - 30/09/2010 6:50:48 AM | Computer Name = JOHN-2E3AF4EA16 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001FD018EA93 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).
Error - 30/09/2010 3:55:51 PM | Computer Name = JOHN-2E3AF4EA16 | Source = Service Control Manager | ID = 7034
Description = The Follower service terminated unexpectedly. It has done this 1
time(s).
Error - 30/09/2010 11:29:20 PM | Computer Name = JOHN-2E3AF4EA16 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001FD018EA93 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).
Error - 30/09/2010 11:45:16 PM | Computer Name = JOHN-2E3AF4EA16 | Source = Service Control Manager | ID = 7000
Description = The Follower service failed to start due to the following error: %%2
< End of report >